Security and CVE scan results
Review security and CVE scan results for Solo.io products.
Gloo container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities. To learn more about how Solo.io detects, tracks, and remediates CVEs, see CVE lifecycle handling.
Security and CVE scan
Latest 2.6.x gloo mesh enterprise Release: 2.6.5
gloo mesh enterprise gloo-mesh-ui image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No scan found
gloo mesh enterprise gloo-otel-collector image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No scan found
gloo mesh enterprise gloo-mesh-istiod-agent image
No scan found
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No scan found
gloo mesh enterprise gloo-mesh-apiserver image
No scan found
Release 2.6.4
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.4 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.4 (ubuntu 24.04)
Vulnerabilities Listed for usr/local/bin/pilot-agent
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v26.1.4+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.6.4 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.4 (alpine 3.18.9)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.4 (alpine 3.18.9)
No Vulnerabilities Found for usr/local/bin/agent-linux-amd64
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.4 (alpine 3.18.9)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.4 (alpine 3.18.9)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.4 (alpine 3.18.9)
No Vulnerabilities Found for usr/local/bin/analyzer-linux-amd64
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.6.4 (alpine 3.18.9)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.4 (alpine 3.18.9)
No Vulnerabilities Found for usr/local/bin/mgmt-server-linux-amd64
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.4 (alpine 3.18.9)
No Vulnerabilities Found for usr/local/bin/apiserver-linux-amd64
Release 2.6.3
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.3 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.3 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.6.3 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.3 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.3 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/agent-linux-amd64
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.3 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.3 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.3 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/analyzer-linux-amd64
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.6.3 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.3 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/mgmt-server-linux-amd64
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.3 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/apiserver-linux-amd64
Release 2.6.2
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.2 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.2 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.6.2 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.2 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.2 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/agent-linux-amd64
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.2 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.2 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.2 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/analyzer-linux-amd64
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.6.2 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.2 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/mgmt-server-linux-amd64
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.2 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/apiserver-linux-amd64
Release 2.6.1
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.1 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.1 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.6.1 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.1 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.1 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/agent-linux-amd64
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.1 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.1 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.1 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/analyzer-linux-amd64
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.6.1 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.1 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/mgmt-server-linux-amd64
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.1 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/apiserver-linux-amd64
Release 2.6.0
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.6.0 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.6.0 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.6.0 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.6.0 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.6.0 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.6.0 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.6.0 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.6.0 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.6.0 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.6.0 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.6.0 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
Latest 2.5.x gloo mesh enterprise Release: 2.5.11
gloo mesh enterprise gloo-mesh-ui image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No scan found
gloo mesh enterprise gloo-otel-collector image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No scan found
gloo mesh enterprise gloo-mesh-istiod-agent image
No scan found
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No scan found
gloo mesh enterprise gloo-mesh-apiserver image
No scan found
Release 2.5.10
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.10 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.10 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.5.10 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.10 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.10 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.10 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.10 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.10 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/analyzer-linux-amd64
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.5.10 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.10 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.10 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v25.0.5+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
Release 2.5.9
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.9 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.9 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.5.9 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.9 (alpine 3.18.7)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.9 (alpine 3.18.7)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.9 (alpine 3.18.7)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.9 (alpine 3.18.7)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.9 (alpine 3.18.7)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.2.2 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2024-36129 | go.opentelemetry.io/collector/config/configgrpc | HIGH | v0.89.0 | 0.102.1 | https://avd.aquasec.com/nvd/cve-2024-36129 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.5.9 (alpine 3.18.7)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.9 (alpine 3.18.7)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.9 (alpine 3.18.7)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
Release 2.5.8
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.8 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.8 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.5.8 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.8 (alpine 3.18.7)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.8 (alpine 3.18.7)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.8 (alpine 3.18.7)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.8 (alpine 3.18.7)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.8 (alpine 3.18.7)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.2.2 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2024-36129 | go.opentelemetry.io/collector/config/configgrpc | HIGH | v0.89.0 | 0.102.1 | https://avd.aquasec.com/nvd/cve-2024-36129 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.5.8 (alpine 3.18.7)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.8 (alpine 3.18.7)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.8 (alpine 3.18.7)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
Release 2.5.7
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.7 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.7 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.5.7 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.7 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.7 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.7 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.7 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.7 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.2.2 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2024-36129 | go.opentelemetry.io/collector/config/configgrpc | HIGH | v0.89.0 | 0.102.1 | https://avd.aquasec.com/nvd/cve-2024-36129 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.5.7 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.7 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.7 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
Release 2.5.6
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.6 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.6 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.5.6 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.6 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.6 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.6 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.6 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.6 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.2.2 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2024-36129 | go.opentelemetry.io/collector/config/configgrpc | HIGH | v0.89.0 | 0.102.1 | https://avd.aquasec.com/nvd/cve-2024-36129 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.5.6 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.6 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.6 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
Release 2.5.5
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.5 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.5 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.5.5 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.5 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.5 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.5 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.5 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.5 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.2.2 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2024-36129 | go.opentelemetry.io/collector/config/configgrpc | HIGH | v0.89.0 | 0.102.1 | https://avd.aquasec.com/nvd/cve-2024-36129 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.5.5 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.5 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.5 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
Release 2.5.4
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.4 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.4 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.5.4 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.4 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.4 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.4 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.4 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.4 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.2.2 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2024-36129 | go.opentelemetry.io/collector/config/configgrpc | HIGH | v0.89.0 | 0.102.1 | https://avd.aquasec.com/nvd/cve-2024-36129 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.5.4 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.4 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.4 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
Release 2.5.3
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.3 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.3 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.5.3 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.3 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.3 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.3 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.3 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.3 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.2.2 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2024-36129 | go.opentelemetry.io/collector/config/configgrpc | HIGH | v0.89.0 | 0.102.1 | https://avd.aquasec.com/nvd/cve-2024-36129 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.5.3 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.3 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.3 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
Release 2.5.2
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.2 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.2 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.5.2 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.2 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.2 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.2 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.2 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.2 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.5.2 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.2 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/mgmt-server-linux-amd64
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.2 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/apiserver-linux-amd64
Release 2.5.1
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.1 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.1 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.5.1 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.1 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.1 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.1 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.1 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.1 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.2.2 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2024-36129 | go.opentelemetry.io/collector/config/configgrpc | HIGH | v0.89.0 | 0.102.1 | https://avd.aquasec.com/nvd/cve-2024-36129 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.5.1 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.1 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.1 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
Release 2.5.0
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.5.0 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.5.0 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.5.0 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.5.0 (alpine 3.18.5)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.5.0 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.5.0 (alpine 3.18.5)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.5.0 (alpine 3.18.5)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-analyzer:2.5.0 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/analyzer-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.2.2 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2024-36129 | go.opentelemetry.io/collector/config/configgrpc | HIGH | v0.89.0 | 0.102.1 | https://avd.aquasec.com/nvd/cve-2024-36129 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.13.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-insights image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-insights:2.5.0 (alpine 3.18.5)
No Vulnerabilities Found for usr/local/bin/insights-linux-amd64
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.5.0 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.5.0 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v24.0.7+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
Latest 2.4.x gloo mesh enterprise Release: 2.4.16
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.16 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.16 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.4.16 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.16 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.16 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.16 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.16 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.16 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.16 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.15
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.15 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.15 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.4.15 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.15 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.15 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.15 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.15 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.15 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.15 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.14
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.14 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.14 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.4.14 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.14 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.14 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.14 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.14 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.14 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.14 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.13
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.13 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.13 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.4.13 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.13 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.13 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.13 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.13 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.13 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.13 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.12
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.12 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.12 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.4.12 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.12 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.12 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.12 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.12 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.12 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.12 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.11
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.11 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.11 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.4.11 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.11 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.11 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.11 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.11 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.11 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.11 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.10
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.10 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.10 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.4.10 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.10 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.10 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.10 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.10 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.10 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.10 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.9
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.9 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.9 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.4.9 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.9 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.9 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.9 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.9 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.9 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.9 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.8
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.8 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.8 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.4.8 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.8 (alpine 3.18.5)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.8 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.8 (alpine 3.18.5)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.8 (alpine 3.18.5)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.8 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.8 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.7
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.7 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.7 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.4.7 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.7 (alpine 3.18.5)
No Vulnerabilities Found for usr/local/bin/spire-controller-linux-amd64
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.7 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.7 (alpine 3.18.5)
No Vulnerabilities Found for usr/local/bin/istiod-agent-linux-amd64
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.7 (alpine 3.18.5)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.7 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.7 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.6
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.6 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.6 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.4.6 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.6 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.6 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.6 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.6 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.6 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.6 (alpine 3.18.5)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.5
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.5 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.5 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.4.5 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.4
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.4 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.4 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.4.4 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.4 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.4 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.4 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.4 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.4 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.4 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.3
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.3 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.3 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.4.3 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.3 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.3 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.3 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.3 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.3 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.3 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.2
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.2 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.2 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.4.2 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.2 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.2 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.2 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.2 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.2 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.2 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.1
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.1 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.1 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.4.1 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.1 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.1 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.1 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.1 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.1 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.1 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.1+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.4.0
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.0 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.0 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.4.0 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.0 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.0 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.11.1 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.0 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.0 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.0 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.11.1 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.0 (alpine 3.18.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.11.1 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Latest 2.3.x gloo mesh enterprise Release: 2.3.24
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.24 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.24 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.3.24 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.24 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.24 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.24 (alpine 3.18.8)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.24 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.24 (alpine 3.18.8)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.23
gloo mesh enterprise gloo-mesh-ui image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.23 (alpine 3.18.6)
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.23 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-otel-collector:2.3.23 (alpine 3.18.5)
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.23 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.23 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.23 (alpine 3.18.6)
No Vulnerabilities Found for usr/local/bin/portal-server-linux-amd64
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.23 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.23 (alpine 3.18.6)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v23.0.3+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.12.3 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.22
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.22 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.22 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.22 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.22 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.22 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.22 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.22 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.22 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.21
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.21 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.21 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.21 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.21 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.21 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.21 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.21 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.21 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.20
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.20 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.20 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.20 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.20 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.20 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.20 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.20 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.20 (alpine 3.18.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.19
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.19 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.19 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.19 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.19 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.19 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.19 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.19 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.19 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.18
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.18 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.18 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.18 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.18 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.18 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.18 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.18 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.18 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.17
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.17 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.17 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.17 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.17 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.17 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.17 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.17 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.17 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.16
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.16 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.16 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.16 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.16 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.16 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.16 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.16 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.16 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.15
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.15 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.15 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.15 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.15 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.15 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.15 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.15 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.15 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.14
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.14 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.14 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.14 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.14 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.14 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.14 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.14 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.14 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.13
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.13 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.13 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.13 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.13 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.13 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.13 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.13 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.13 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.12
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.12 (alpine 3.17.5)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.12 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.12 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.12 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.12 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.12 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.12 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.12 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.11
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.11 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.11 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.11 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.11 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.11 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.11 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.11 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.11 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.10 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.25+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
Release 2.3.10
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.10 (alpine 3.17.4)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.10 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.10 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.10 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.10 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.10 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.10 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.10 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.3.9
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.9 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.9 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.9 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.9 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.9 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.9 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.9 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.9 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.3.8
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.8 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.8 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.8 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.8 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.8 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.8 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.8 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.8 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.3.7
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.7 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.7 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.7 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.7 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.7 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.7 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.7 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.7 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.3.6
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.6 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.6 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.6 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.6 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.6 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.6 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.6 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.6 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.3.5
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.5 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.5 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.5 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.5 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.5 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.5 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.5 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.5 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.3.4
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.4 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.4 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.4 (alpine 3.18.0)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-48174 | busybox | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2022-48174 | busybox-binsh | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.1.0-r4 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-48174 | ssl_client | CRITICAL | 1.36.0-r9 | 1.36.1-r1 | https://avd.aquasec.com/nvd/cve-2022-48174 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.4 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.4 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.4 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.4 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.4 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.3.3
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.3 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.3 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.3 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.3 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.3 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.3 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.3 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.3 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.3.2
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.2 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.2 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.2 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.2 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.2 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.2 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.2 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.2 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.3.1
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.1 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.1 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.1 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.1 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.1 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.1 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.1 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.1 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.3.0
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.0 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.0 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.3.0 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.0 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.0 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.0 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.0 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.0 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.9.4 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Latest 2.2.x gloo mesh enterprise Release: 2.2.9
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.9 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.9 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.2.9 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for gloo-otel-collector
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.21+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.21+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.1.17 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-34231 | github.com/snowflakedb/gosnowflake | HIGH | v1.6.15 | 1.6.19 | https://avd.aquasec.com/nvd/cve-2023-34231 |
CVE-2023-47108 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | HIGH | v0.36.4 | 0.46.0 | https://avd.aquasec.com/nvd/cve-2023-47108 |
CVE-2023-45142 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | HIGH | v0.36.4 | 0.44.0 | https://avd.aquasec.com/nvd/cve-2023-45142 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.3.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.3.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.51.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.9 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.9 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.9 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.9 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.2.8
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.8 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.8 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.2.8 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for gloo-otel-collector
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.21+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.21+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.1.17 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-34231 | github.com/snowflakedb/gosnowflake | HIGH | v1.6.15 | 1.6.19 | https://avd.aquasec.com/nvd/cve-2023-34231 |
CVE-2023-47108 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | HIGH | v0.36.4 | 0.46.0 | https://avd.aquasec.com/nvd/cve-2023-47108 |
CVE-2023-45142 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | HIGH | v0.36.4 | 0.44.0 | https://avd.aquasec.com/nvd/cve-2023-45142 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.3.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.3.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.51.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.8 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.8 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.8 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.8 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.2.7
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.7 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.7 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.2.7 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for gloo-otel-collector
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.21+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.21+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.1.17 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-34231 | github.com/snowflakedb/gosnowflake | HIGH | v1.6.15 | 1.6.19 | https://avd.aquasec.com/nvd/cve-2023-34231 |
CVE-2023-47108 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | HIGH | v0.36.4 | 0.46.0 | https://avd.aquasec.com/nvd/cve-2023-47108 |
CVE-2023-45142 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | HIGH | v0.36.4 | 0.44.0 | https://avd.aquasec.com/nvd/cve-2023-45142 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.3.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.3.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.51.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.7 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.7 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.7 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.7 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.2.6
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.6 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.6 (ubuntu 20.04)
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.2.6 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for gloo-otel-collector
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.21+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.21+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.1.17 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-34231 | github.com/snowflakedb/gosnowflake | HIGH | v1.6.15 | 1.6.19 | https://avd.aquasec.com/nvd/cve-2023-34231 |
CVE-2023-47108 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | HIGH | v0.36.4 | 0.46.0 | https://avd.aquasec.com/nvd/cve-2023-47108 |
CVE-2023-45142 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | HIGH | v0.36.4 | 0.44.0 | https://avd.aquasec.com/nvd/cve-2023-45142 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.3.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.3.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.51.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.6 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.6 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.6 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.6 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.16+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.2.5
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.5 (alpine 3.17.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.5 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.2.5 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for gloo-otel-collector
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.21+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.21+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.1.17 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-34231 | github.com/snowflakedb/gosnowflake | HIGH | v1.6.15 | 1.6.19 | https://avd.aquasec.com/nvd/cve-2023-34231 |
CVE-2023-47108 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | HIGH | v0.36.4 | 0.46.0 | https://avd.aquasec.com/nvd/cve-2023-47108 |
CVE-2023-45142 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | HIGH | v0.36.4 | 0.44.0 | https://avd.aquasec.com/nvd/cve-2023-45142 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.3.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.3.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.51.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.5 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.5 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.5 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.5 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.2.4
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.4 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0216 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
CVE-2023-0217 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
CVE-2023-0286 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0401 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-4450 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0216 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
CVE-2023-0217 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
CVE-2023-0286 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0401 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.4 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.2.4 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for gloo-otel-collector
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.21+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.21+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.1.17 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-34231 | github.com/snowflakedb/gosnowflake | HIGH | v1.6.15 | 1.6.19 | https://avd.aquasec.com/nvd/cve-2023-34231 |
CVE-2023-47108 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | HIGH | v0.36.4 | 0.46.0 | https://avd.aquasec.com/nvd/cve-2023-47108 |
CVE-2023-45142 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | HIGH | v0.36.4 | 0.44.0 | https://avd.aquasec.com/nvd/cve-2023-45142 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.3.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.3.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.51.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.4 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.4 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.4 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.4 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.2.3
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.3 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0216 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
CVE-2023-0217 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
CVE-2023-0286 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0401 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-4450 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0216 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
CVE-2023-0217 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
CVE-2023-0286 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0401 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.3 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.2.3 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for gloo-otel-collector
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.21+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.21+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.1.17 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-34231 | github.com/snowflakedb/gosnowflake | HIGH | v1.6.15 | 1.6.19 | https://avd.aquasec.com/nvd/cve-2023-34231 |
CVE-2023-47108 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | HIGH | v0.36.4 | 0.46.0 | https://avd.aquasec.com/nvd/cve-2023-47108 |
CVE-2023-45142 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | HIGH | v0.36.4 | 0.44.0 | https://avd.aquasec.com/nvd/cve-2023-45142 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.3.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.3.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.51.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.3 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.3 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.3 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.3 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.2.2
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.2 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0216 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
CVE-2023-0217 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
CVE-2023-0286 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0401 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-4450 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0216 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
CVE-2023-0217 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
CVE-2023-0286 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0401 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.2 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.2.2 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for gloo-otel-collector
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.21+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.21+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.1.17 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-34231 | github.com/snowflakedb/gosnowflake | HIGH | v1.6.15 | 1.6.19 | https://avd.aquasec.com/nvd/cve-2023-34231 |
CVE-2023-47108 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | HIGH | v0.36.4 | 0.46.0 | https://avd.aquasec.com/nvd/cve-2023-47108 |
CVE-2023-45142 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | HIGH | v0.36.4 | 0.44.0 | https://avd.aquasec.com/nvd/cve-2023-45142 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.3.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.3.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.51.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.2 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.2 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.2 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.2 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.2.1
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.1 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0216 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
CVE-2023-0217 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
CVE-2023-0286 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0401 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-4450 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0216 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
CVE-2023-0217 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
CVE-2023-0286 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0401 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.1 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.2.1 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for gloo-otel-collector
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.21+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.21+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.1.17 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-34231 | github.com/snowflakedb/gosnowflake | HIGH | v1.6.15 | 1.6.19 | https://avd.aquasec.com/nvd/cve-2023-34231 |
CVE-2023-47108 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | HIGH | v0.36.4 | 0.46.0 | https://avd.aquasec.com/nvd/cve-2023-47108 |
CVE-2023-45142 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | HIGH | v0.36.4 | 0.44.0 | https://avd.aquasec.com/nvd/cve-2023-45142 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.3.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.3.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.51.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.1 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.1 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.1 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.1 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.2.0
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.0 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.0 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-otel-collector:2.2.0 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for gloo-otel-collector
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2024-41110 | github.com/docker/docker | CRITICAL | v20.10.21+incompatible | 23.0.15, 26.1.5, 27.1.1, 25.0.6 | https://avd.aquasec.com/nvd/cve-2024-41110 |
CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.21+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
GHSA-87m9-rv8p-rgmg | github.com/mostynb/go-grpc-compression | HIGH | v1.1.17 | 1.2.3 | https://github.com/advisories/GHSA-87m9-rv8p-rgmg |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.4 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2023-34231 | github.com/snowflakedb/gosnowflake | HIGH | v1.6.15 | 1.6.19 | https://avd.aquasec.com/nvd/cve-2023-34231 |
CVE-2023-47108 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | HIGH | v0.36.4 | 0.46.0 | https://avd.aquasec.com/nvd/cve-2023-47108 |
CVE-2023-45142 | go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | HIGH | v0.36.4 | 0.44.0 | https://avd.aquasec.com/nvd/cve-2023-45142 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.3.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.3.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.51.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.0 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.0 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.0 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.0 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2024-28860 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.13.14, 1.14.9, 1.15.3 | https://avd.aquasec.com/nvd/cve-2024-28860 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2024-27289 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2 | https://avd.aquasec.com/nvd/cve-2024-27289 |
CVE-2024-27304 | github.com/jackc/pgx | HIGH | v3.6.2+incompatible | 4.18.2, 5.5.4 | https://avd.aquasec.com/nvd/cve-2024-27304 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2024-21626 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.12 | https://avd.aquasec.com/nvd/cve-2024-21626 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2024-26147 | helm.sh/helm/v3 | HIGH | v3.8.2 | 3.14.2 | https://avd.aquasec.com/nvd/cve-2024-26147 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Latest 2.1.x gloo mesh enterprise Release: 2.1.5
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.5 (alpine 3.17.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0216 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
CVE-2023-0217 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
CVE-2023-0286 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0401 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
CVE-2023-0464 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
CVE-2022-4450 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0216 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
CVE-2023-0217 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
CVE-2023-0286 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0401 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
CVE-2023-0464 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-5363 | libssl3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.5 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.5 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.5 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.5 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.5 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.1.4
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.4 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.4 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.4 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.4 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.4 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.4 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.1.3
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.3 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.3 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.3 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.3 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.3 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.3 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.1.2
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.2 (alpine 3.16.3)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.2 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.2 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.2 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.2 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.2 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.1.1
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.1 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-32221 | curl | CRITICAL | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-32221 |
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r2 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r2 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-42915 | curl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42915 |
CVE-2022-42916 | curl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42916 |
CVE-2022-43551 | curl | HIGH | 7.83.1-r2 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r2 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-32221 | libcurl | CRITICAL | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-32221 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r2 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r2 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-42915 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42915 |
CVE-2022-42916 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42916 |
CVE-2022-43551 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r2 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2022-2309 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r1 | https://avd.aquasec.com/nvd/cve-2022-2309 |
CVE-2022-40303 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r2 | https://avd.aquasec.com/nvd/cve-2022-40303 |
CVE-2022-40304 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r2 | https://avd.aquasec.com/nvd/cve-2022-40304 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
CVE-2022-37434 | zlib | CRITICAL | 1.2.12-r1 | 1.2.12-r2 | https://avd.aquasec.com/nvd/cve-2022-37434 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.1 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.1 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.1 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.1 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.1 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
Release 2.1.0
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.0 (alpine 3.16.1)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-32221 | curl | CRITICAL | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-32221 |
CVE-2023-23914 | curl | CRITICAL | 7.83.1-r2 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | curl | CRITICAL | 7.83.1-r2 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-42915 | curl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42915 |
CVE-2022-42916 | curl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42916 |
CVE-2022-43551 | curl | HIGH | 7.83.1-r2 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | curl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | curl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | curl | HIGH | 7.83.1-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | curl | HIGH | 7.83.1-r2 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-32221 | libcurl | CRITICAL | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-32221 |
CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r2 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r2 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
CVE-2022-42915 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42915 |
CVE-2022-42916 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42916 |
CVE-2022-43551 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
CVE-2023-27533 | libcurl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
CVE-2023-27534 | libcurl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
CVE-2023-28319 | libcurl | HIGH | 7.83.1-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
CVE-2023-38039 | libcurl | HIGH | 7.83.1-r2 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
CVE-2022-2309 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r1 | https://avd.aquasec.com/nvd/cve-2022-2309 |
CVE-2022-40303 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r2 | https://avd.aquasec.com/nvd/cve-2022-40303 |
CVE-2022-40304 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r2 | https://avd.aquasec.com/nvd/cve-2022-40304 |
CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
CVE-2022-37434 | zlib | CRITICAL | 1.2.12-r1 | 1.2.12-r2 | https://avd.aquasec.com/nvd/cve-2022-37434 |
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.0 (ubuntu 18.04)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-otel-collector image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.0 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.0 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise gloo-mesh-analyzer image
No scan found
gloo mesh enterprise gloo-mesh-insights image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.0 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.0 (alpine 3.16.2)
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
---|---|---|---|---|---|
CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |