Security and CVE report

Gloo Mesh Enterprise container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.

Latest 2.0.x gloo mesh enterprise Release: 2.0.23

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-ui:2.0.23 (alpine 3.16.2)

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.23 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.23 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.23 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-apiserver:2.0.23 (alpine 3.14.2)

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-agent:2.0.23 (alpine 3.14.2)

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.22

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-ui:2.0.22 (alpine 3.16.2)

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.22 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.22 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.22 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-apiserver:2.0.22 (alpine 3.14.2)

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-agent:2.0.22 (alpine 3.14.2)

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.21

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-ui:2.0.21 (alpine 3.16.2)

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.21 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.21 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.21 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-apiserver:2.0.21 (alpine 3.14.2)

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-agent:2.0.21 (alpine 3.14.2)

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.20

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-ui:2.0.20 (alpine 3.16.2)

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.20 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.20 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.20 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-apiserver:2.0.20 (alpine 3.14.2)

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-agent:2.0.20 (alpine 3.14.2)

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.19

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-ui:2.0.19 (alpine 3.16.2)

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.19 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.19 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.19 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-apiserver:2.0.19 (alpine 3.14.2)

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-agent:2.0.19 (alpine 3.14.2)

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.18

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-ui:2.0.18 (alpine 3.16.2)

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.18 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.18 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.18 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-apiserver:2.0.18 (alpine 3.14.2)

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-agent:2.0.18 (alpine 3.14.2)

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.17

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-ui:2.0.17 (alpine 3.16.2)

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.17 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.17 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.17 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-apiserver:2.0.17 (alpine 3.14.2)

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-agent:2.0.17 (alpine 3.14.2)

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.16

gloo mesh enterprise gloo-mesh-ui image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-ui:2.0.16 (alpine 3.16.2)

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.16 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.16 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.16 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-apiserver:2.0.16 (alpine 3.14.2)

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-agent:2.0.16 (alpine 3.14.2)

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.15

gloo mesh enterprise gloo-mesh-ui image

No scan found

gloo mesh enterprise gloo-mesh-envoy image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.14

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.14 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.14 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.14 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-istiod-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.14 (alpine 3.14.2)

gloo mesh enterprise gloo-mesh-apiserver image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-apiserver:2.0.14 (alpine 3.14.2)

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No Vulnerabilities Found for quay.io/solo-io/gloo-mesh-agent:2.0.14 (alpine 3.14.2)

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.13

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.13 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.13 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.13 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.13 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.13 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.13 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.12

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.12 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.12 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.12 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.12 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.12 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.12 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.11

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.11 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.11 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.11 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.11 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.11 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.11 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.10

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.10 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.10 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.10 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.10 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.10 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.10 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.9

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.9 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.9 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.9 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.9 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.9 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.9 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.8

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.8 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.8 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.8 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.8 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.8 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.8 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.7

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.7 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.7 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.7 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.7 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.7 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.7 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.6

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.6 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.6 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.6 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.6 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.6 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.6 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.5

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.5 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.5 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.4

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.4 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.4 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.3

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.3 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27405 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r1 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.3 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.2

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.2 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 curl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.11.1-r0 2.11.1-r1 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.11.1-r0 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r0 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.2 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.2 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.2 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.2 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.2 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.1

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.1 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 curl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.11.1-r0 2.11.1-r1 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.11.1-r0 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r0 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.1 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.1 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.1 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.1 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.1 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Release 2.0.0

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:2.0.0 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 curl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.11.1-r0 2.11.1-r1 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.11.1-r0 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r0 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.80.0-r0 7.80.0-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27780 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r0 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:2.0.0 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-mgmt-server:2.0.0 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-istiod-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-istiod-agent:2.0.0 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:2.0.0 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-agent:2.0.0 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

gloo mesh enterprise enterprise-networking image

No scan found

Latest 1.2.x gloo mesh enterprise Release: 1.2.30

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.30 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.30 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.30 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.30 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.30 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.30 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.29

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.29 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.29 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.29 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.29 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.29 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.29 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.28

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.28 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.28 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.28 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.28 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.28 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.28 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.27

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.27 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.27 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.27 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.27 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.27 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.27 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.26

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.26 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.26 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.26 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.26 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.26 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.26 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.25

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.25 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.25 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.25 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.25 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.25 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.25 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.24

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.24 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.24 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.24 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.24 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.24 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.24 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.23

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.23 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.23 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.23 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.23 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.23 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.23 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.22

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.22 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.22 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.22 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.22 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.22 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.22 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.21

gloo mesh enterprise gloo-mesh-ui image

No scan found

gloo mesh enterprise gloo-mesh-envoy image

No scan found

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

No scan found

gloo mesh enterprise enterprise-agent image

No scan found

gloo mesh enterprise rbac-webhook image

No scan found

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

No scan found

Release 1.2.20

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.20 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.20 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.20 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.20 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.20 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.20 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.19

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.19 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.19 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.19 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.19 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.19 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.19 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.18

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.18 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.18 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.18 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.18 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.18 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.18 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.17

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.17 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.17 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.17 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.17 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.17 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.17 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.16

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.16 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.16 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.16 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.16 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.16 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.16 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.15

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.15 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.15 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.15 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.15 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.15 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.15 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.14

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.14 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.14 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.14 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.14 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.14 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.14 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.4 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.4 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211130175222-4959f6f44728 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211130175222-4959f6f44728 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.13

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.13 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.13 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.13 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.13 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.13 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.13 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.12

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.12 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.12 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.12 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.12 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.12 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.12 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.11

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.11 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.11 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.11 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.11 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.11 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.11 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.10

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.10 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.10 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.10 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.10 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.10 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.10 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.9

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.9 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.9 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.9 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.9 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.9 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.9 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.8

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.8 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.8 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.8 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.8 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.8 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.8 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.7

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.7 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.7 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.7 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.7 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.7 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.7 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.6

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.6 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.6 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.6 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.6 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.6 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.6 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.5

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.5 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.5 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.4

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.4 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.4 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.3

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.3 (alpine 3.13.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 curl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 libcurl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.3 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.2

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.2 (alpine 3.13.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 curl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 libcurl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.2 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.2 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.2 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.2 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.2 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20211019135535-77e71d7074d8 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20211019135535-77e71d7074d8 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.1

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.1 (alpine 3.13.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 curl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 libcurl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.1 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.1 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.1 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.1 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.1 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.2.0

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.2.0 (alpine 3.13.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 curl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 libcurl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.2.0 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.2.0 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.2.0 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.2.0 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.2.0 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for usr/local/bin/executable

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2022-1996 github.com/emicklei/go-restful CRITICAL v2.11.1+incompatible 2.16.0 https://avd.aquasec.com/nvd/cve-2022-1996
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2022-29162 github.com/opencontainers/runc HIGH v1.0.0-rc9 v1.1.2 https://avd.aquasec.com/nvd/cve-2022-29162
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Latest 1.1.x gloo mesh enterprise Release: 1.1.8

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.1.8 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.1-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.1-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2022-28391 busybox CRITICAL 1.32.1-r3 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-28831 busybox HIGH 1.32.1-r3 1.32.1-r4 https://avd.aquasec.com/nvd/cve-2021-28831
CVE-2021-42378 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2021-22945 curl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2021-22901 curl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 curl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2021-22901 libcurl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 libcurl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2021-33560 libgcrypt HIGH 1.8.7-r0 1.8.8-r0 https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3517 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3518
CVE-2022-23308 libxml2 HIGH 2.9.10-r6 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r3 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-28831 ssl_client HIGH 1.32.1-r3 1.32.1-r4 https://avd.aquasec.com/nvd/cve-2021-28831
CVE-2021-42378 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.1.8 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3449 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.9 https://avd.aquasec.com/nvd/cve-2021-3449
CVE-2021-3711 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.13 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-33910 libsystemd0 HIGH 237-3ubuntu10.44 237-3ubuntu10.49 https://avd.aquasec.com/nvd/cve-2021-33910
CVE-2021-33910 libudev1 HIGH 237-3ubuntu10.44 237-3ubuntu10.49 https://avd.aquasec.com/nvd/cve-2021-33910
CVE-2021-3449 openssl HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.9 https://avd.aquasec.com/nvd/cve-2021-3449
CVE-2021-3711 openssl HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.13 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.1.8 (alpine 3.11.12)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2021-42378 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386

Vulnerabilities Listed for usr/local/bin/gloo-mesh-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.1.8 (alpine 3.11.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2021-42378 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386

Vulnerabilities Listed for usr/local/bin/enterprise-agent

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.1.8 (alpine 3.11.12)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2021-42378 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386

Vulnerabilities Listed for usr/local/bin/rbac-webhook

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise gloo-mesh-agent image

No scan found

gloo mesh enterprise enterprise-networking image

Vulnerabilities Listed for quay.io/solo-io/enterprise-networking:1.1.8 (alpine 3.11.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2021-42378 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386

Vulnerabilities Listed for usr/local/bin/enterprise-networking

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741
Release 1.1.7

gloo mesh enterprise gloo-mesh-ui image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-ui:1.1.7 (alpine 3.13.3)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.1-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.1-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2022-28391 busybox CRITICAL 1.32.1-r3 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-28831 busybox HIGH 1.32.1-r3 1.32.1-r4 https://avd.aquasec.com/nvd/cve-2021-28831
CVE-2021-42378 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2021-22945 curl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2021-22901 curl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 curl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2021-22901 libcurl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 libcurl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2021-33560 libgcrypt HIGH 1.8.7-r0 1.8.8-r0 https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3517 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3518
CVE-2022-23308 libxml2 HIGH 2.9.10-r6 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-28391 ssl_client CRITICAL 1.32.1-r3 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2021-28831 ssl_client HIGH 1.32.1-r3 1.32.1-r4 https://avd.aquasec.com/nvd/cve-2021-28831
CVE-2021-42378 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r3 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

gloo mesh enterprise gloo-mesh-envoy image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-envoy:1.1.7 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3449 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.9 https://avd.aquasec.com/nvd/cve-2021-3449
CVE-2021-3711 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.13 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-33910 libsystemd0 HIGH 237-3ubuntu10.44 237-3ubuntu10.49 https://avd.aquasec.com/nvd/cve-2021-33910
CVE-2021-33910 libudev1 HIGH 237-3ubuntu10.44 237-3ubuntu10.49 https://avd.aquasec.com/nvd/cve-2021-33910
CVE-2021-3449 openssl HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.9 https://avd.aquasec.com/nvd/cve-2021-3449
CVE-2021-3711 openssl HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.13 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.8 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

gloo mesh enterprise gloo-mesh-mgmt-server image

No scan found

gloo mesh enterprise gloo-mesh-istiod-agent image

No scan found

gloo mesh enterprise gloo-mesh-apiserver image

Vulnerabilities Listed for quay.io/solo-io/gloo-mesh-apiserver:1.1.7 (alpine 3.11.12)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2021-42378 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386

Vulnerabilities Listed for usr/local/bin/gloo-mesh-apiserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160

gloo mesh enterprise enterprise-agent image

Vulnerabilities Listed for quay.io/solo-io/enterprise-agent:1.1.7 (alpine 3.11.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2021-42378 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386

Vulnerabilities Listed for usr/local/bin/enterprise-agent

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-41103 github.com/containerd/containerd HIGH v1.4.3 v1.4.11, v1.5.7 https://avd.aquasec.com/nvd/cve-2021-41103
CVE-2022-23648 github.com/containerd/containerd HIGH v1.4.3 1.4.13, 1.5.10, 1.6.1 https://avd.aquasec.com/nvd/cve-2022-23648
CVE-2021-41092 github.com/docker/cli HIGH v20.10.3+incompatible v20.10.9 https://avd.aquasec.com/nvd/cve-2021-41092
CVE-2014-9356 github.com/moby/moby HIGH v0.7.3-0.20190826074503-38ab9da00309 v1.3.3 https://avd.aquasec.com/nvd/cve-2014-9356
CVE-2019-19921 github.com/opencontainers/runc HIGH v1.0.0-rc9 1.0.0-rc9.0.20200122160610-2fc03cc11c77 https://avd.aquasec.com/nvd/cve-2019-19921
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2019-11253 k8s.io/kubernetes HIGH v1.13.0 1.13.12, 1.14.8, 1.15.5, 1.16.2 https://avd.aquasec.com/nvd/cve-2019-11253
CVE-2020-8558 k8s.io/kubernetes HIGH v1.13.0 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.13.0 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

gloo mesh enterprise rbac-webhook image

Vulnerabilities Listed for quay.io/solo-io/rbac-webhook:1.1.7 (alpine 3.11.12)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2021-42378 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.31.1-r10 1.31.1-r11 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client H