Security Updates

Portal container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.

Latest 1.2.x Gloo Portal Release: v1.2.12

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.2.12 (alpine 3.15.4)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.12 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.12 (alpine 3.15.4)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/adminserver

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.12 (alpine 3.16.1)

Release v1.2.11

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.2.11 (alpine 3.15.4)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.11 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.11 (alpine 3.15.4)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/adminserver

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.11 (alpine 3.16.1)

Release v1.2.10

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.2.10 (alpine 3.15.4)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.10 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.10 (alpine 3.15.4)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.10 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-42915 curl CRITICAL 7.83.1-r3 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 curl HIGH 7.83.1-r3 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-42915 libcurl CRITICAL 7.83.1-r3 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 libcurl HIGH 7.83.1-r3 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-40303 libxml2 HIGH 2.9.14-r1 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.14-r1 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304

Release v1.2.9

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.2.9 (alpine 3.15.4)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.9 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.9 (alpine 3.15.4)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.9 (alpine 3.16.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-42915 curl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 curl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-42915 libcurl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 libcurl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-2309 libxml2 HIGH 2.9.14-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304

Release v1.2.8

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.8 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.8 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.8 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.8 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-42915 curl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 curl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-42915 libcurl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 libcurl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-2309 libxml2 HIGH 2.9.14-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.7

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.7 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.7 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.7 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.7 (alpine 3.16.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-30065 busybox HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-42915 curl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 curl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-42915 libcurl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 libcurl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-2309 libxml2 HIGH 2.9.14-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-30065 ssl_client HIGH 1.35.0-r14 1.35.0-r15 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.6

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.6 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-29244 npm HIGH 8.8.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.6 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.6 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-29244 npm HIGH 8.8.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.6 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-42915 curl CRITICAL 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42916 curl HIGH 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-42915 libcurl CRITICAL 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42916 libcurl HIGH 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-2309 libxml2 HIGH 2.9.14-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.5

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.5 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-29244 npm HIGH 8.8.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.5 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.5 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-29244 npm HIGH 8.8.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.5 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-42915 curl CRITICAL 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42916 curl HIGH 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-42915 libcurl CRITICAL 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42916 libcurl HIGH 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-2309 libxml2 HIGH 2.9.14-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.4

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.4 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.4 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.4 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.4 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-42915 curl CRITICAL 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42916 curl HIGH 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-27404 freetype CRITICAL 2.11.1-r0 2.11.1-r1 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.11.1-r0 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r0 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-42915 libcurl CRITICAL 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42916 libcurl HIGH 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-2309 libxml2 HIGH 2.9.13-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303 libxml2 HIGH 2.9.13-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.13-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.3

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.3 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.3 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.3 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2022-29244 npm HIGH 8.5.0 8.11.0 https://avd.aquasec.com/nvd/cve-2022-29244

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.3 (alpine 3.15.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32207 curl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-42915 curl CRITICAL 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-27780 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42916 curl HIGH 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-27404 freetype CRITICAL 2.11.1-r0 2.11.1-r1 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.11.1-r0 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.11.1-r0 2.11.1-r2 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-32207 libcurl CRITICAL 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-42915 libcurl CRITICAL 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-27780 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.80.0-r1 7.80.0-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42916 libcurl HIGH 7.80.0-r1 7.80.0-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-2309 libxml2 HIGH 2.9.13-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303 libxml2 HIGH 2.9.13-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.13-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458 ncurses-libs HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.3_p20211120-r0 6.3_p20211120-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-1586 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587 pcre2 CRITICAL 10.39-r0 10.40-r0 https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.2

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.2 (alpine 3.15.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.2 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.2 (alpine 3.15.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.2 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309 libxml2 HIGH 2.9.12-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.2.1

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.1 (alpine 3.15.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.1 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.1 (alpine 3.15.1)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client HIGH 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.1 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309 libxml2 HIGH 2.9.12-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.2.0

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r7 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r7 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.34.1-r3 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.0 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.0 (alpine 3.15.0)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.4-r2 3.3.4-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r8 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.34.1-r4 1.34.1-r5 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.11.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210817164053-32db794688a5 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.0 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309 libxml2 HIGH 2.9.12-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Latest 1.1.x Gloo Portal Release: v1.1.7

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.1.7 (alpine 3.15.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.7 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.7 (alpine 3.15.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/adminserver

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.7 (alpine 3.16.2)

Release v1.1.6

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.1.6 (alpine 3.15.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.6 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.6 (alpine 3.15.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.6 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-42915 curl CRITICAL 7.83.1-r3 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 curl HIGH 7.83.1-r3 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-42915 libcurl CRITICAL 7.83.1-r3 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 libcurl HIGH 7.83.1-r3 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-40303 libxml2 HIGH 2.9.14-r1 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.14-r1 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304

Release v1.1.5

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.1.5 (alpine 3.15.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.5 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.5 (alpine 3.15.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-36085 github.com/open-policy-agent/opa CRITICAL v0.40.0 0.44.0 https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.40.0 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20220114011407-0dd24b26b47d 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-32149 golang.org/x/text HIGH v0.3.7 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.5 (alpine 3.16.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-42915 curl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 curl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-42915 libcurl CRITICAL 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916 libcurl HIGH 7.83.1-r2 7.83.1-r4 https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-2309 libxml2 HIGH 2.9.14-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.14-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304

Release v1.1.4

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558 k8s.io/kubernetes HIGH v1.18.2 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.18.2 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.4 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-37434 zlib CRITICAL 1.2.12-r1 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.4 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309 libxml2 HIGH 2.9.12-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.1.3

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558 k8s.io/kubernetes HIGH v1.18.2 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.18.2 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.3 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.3 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.12-r0 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.3 (alpine 3.13.7)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207 curl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207 libcurl CRITICAL 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.79.1-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.79.1-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309 libxml2 HIGH 2.9.12-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391 ssl_client HIGH 1.32.1-r7 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r7 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.1.2

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.2 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558 k8s.io/kubernetes HIGH v1.18.2 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.18.2 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.2 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.2 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28391 busybox HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-28391 ssl_client HIGH 1.33.1-r6 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.2 (alpine 3.13.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 curl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 libcurl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309 libxml2 HIGH 2.9.12-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.1.1

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.1 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558 k8s.io/kubernetes HIGH v1.18.2 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.18.2 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.1 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.1 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.1 (alpine 3.13.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 curl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 libcurl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309 libxml2 HIGH 2.9.12-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.1.0

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.0 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558 k8s.io/kubernetes HIGH v1.18.2 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.18.2 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.0 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.0 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.0 (alpine 3.13.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 curl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 libcurl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309 libxml2 HIGH 2.9.12-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Latest 1.0.x Gloo Portal Release: v1.0.5

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558 k8s.io/kubernetes HIGH v1.18.2 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.18.2 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.5 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.5 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.5 (alpine 3.13.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 curl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 libcurl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309 libxml2 HIGH 2.9.12-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.0.4

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558 k8s.io/kubernetes HIGH v1.18.2 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.18.2 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.4 (ubuntu 18.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-0778 libssl1.1 HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 openssl HIGH 1.1.1-1ubuntu2.1~18.04.13 1.1.1-1ubuntu2.1~18.04.15 https://avd.aquasec.com/nvd/cve-2022-0778

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.4 (alpine 3.14.2)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libretls HIGH 3.3.3p1-r2 3.3.3p1-r3 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.33.1-r3 1.33.1-r6 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.33.1-r3 1.33.1-r7 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210614182718-04defd469f4e 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.6 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.6 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.4 (alpine 3.13.6)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 curl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946 libcurl HIGH 7.78.0-r0 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.78.0-r0 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.78.0-r0 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309 libxml2 HIGH 2.9.12-r0 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.12-r0 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.12-r0 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.0.3

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.3 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.4-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2021-27290 ssri HIGH 6.0.1 8.0.1, 7.1.1, 6.0.2 https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803 tar HIGH 4.4.13 6.1.2, 5.0.7, 4.4.15, 3.2.3 https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804 tar HIGH 4.4.13 6.1.1, 5.0.6, 4.4.14, 3.2.2 https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701 tar HIGH 4.4.13 6.1.7, 5.0.8, 4.4.16 https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774 y18n HIGH 4.0.0 5.0.5, 4.0.1, 3.2.2 https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20210520170846-37e1c6afe023 https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.5 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.5 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558 k8s.io/kubernetes HIGH v1.18.2 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.18.2 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.3 (ubuntu 16.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-1971 libssl1.0.0 HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971 openssl HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.3 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778 libssl1.1 HIGH 1.1.1l-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2021-27290 ssri HIGH 6.0.1 8.0.1, 7.1.1, 6.0.2 https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803 tar HIGH 4.4.13 6.1.2, 5.0.7, 4.4.15, 3.2.3 https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804 tar HIGH 4.4.13 6.1.1, 5.0.6, 4.4.14, 3.2.2 https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701 tar HIGH 4.4.13 6.1.7, 5.0.8, 4.4.16 https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774 y18n HIGH 4.0.0 5.0.5, 4.0.1, 3.2.2 https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20210520170846-37e1c6afe023 https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.5 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.5 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.3 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.4-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901 curl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 curl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901 libcurl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 libcurl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2021-33560 libgcrypt HIGH 1.8.7-r0 1.8.8-r0 https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3517 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3518
CVE-2022-2309 libxml2 HIGH 2.9.10-r6 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.10-r6 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.10-r6 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.10-r6 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.0.2

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.2 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.4-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2021-27290 ssri HIGH 6.0.1 8.0.1, 7.1.1, 6.0.2 https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803 tar HIGH 4.4.13 6.1.2, 5.0.7, 4.4.15, 3.2.3 https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804 tar HIGH 4.4.13 6.1.1, 5.0.6, 4.4.14, 3.2.2 https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701 tar HIGH 4.4.13 6.1.7, 5.0.8, 4.4.16 https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774 y18n HIGH 4.0.0 5.0.5, 4.0.1, 3.2.2 https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20210520170846-37e1c6afe023 https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.5 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.5 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558 k8s.io/kubernetes HIGH v1.18.2 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.18.2 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.2 (ubuntu 16.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-1971 libssl1.0.0 HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971 openssl HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.2 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2021-27290 ssri HIGH 6.0.1 8.0.1, 7.1.1, 6.0.2 https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803 tar HIGH 4.4.13 6.1.2, 5.0.7, 4.4.15, 3.2.3 https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804 tar HIGH 4.4.13 6.1.1, 5.0.6, 4.4.14, 3.2.2 https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701 tar HIGH 4.4.13 6.1.7, 5.0.8, 4.4.16 https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774 y18n HIGH 4.0.0 5.0.5, 4.0.1, 3.2.2 https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20210520170846-37e1c6afe023 https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.5 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.5 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.2 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.4-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901 curl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 curl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901 libcurl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 libcurl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2021-33560 libgcrypt HIGH 1.8.7-r0 1.8.8-r0 https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3517 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3518
CVE-2022-2309 libxml2 HIGH 2.9.10-r6 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.10-r6 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.10-r6 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.10-r6 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.0.1

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.1 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.4-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2021-27290 ssri HIGH 6.0.1 8.0.1, 7.1.1, 6.0.2 https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803 tar HIGH 4.4.13 6.1.2, 5.0.7, 4.4.15, 3.2.3 https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804 tar HIGH 4.4.13 6.1.1, 5.0.6, 4.4.14, 3.2.2 https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701 tar HIGH 4.4.13 6.1.7, 5.0.8, 4.4.16 https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774 y18n HIGH 4.0.0 5.0.5, 4.0.1, 3.2.2 https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20210520170846-37e1c6afe023 https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.5 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.5 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558 k8s.io/kubernetes HIGH v1.18.2 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.18.2 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.1 (ubuntu 16.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-1971 libssl1.0.0 HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971 openssl HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.1 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.5-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2021-27290 ssri HIGH 6.0.1 8.0.1, 7.1.1, 6.0.2 https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803 tar HIGH 4.4.13 6.1.2, 5.0.7, 4.4.15, 3.2.3 https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804 tar HIGH 4.4.13 6.1.1, 5.0.6, 4.4.14, 3.2.2 https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701 tar HIGH 4.4.13 6.1.7, 5.0.8, 4.4.16 https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774 y18n HIGH 4.0.0 5.0.5, 4.0.1, 3.2.2 https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20210520170846-37e1c6afe023 https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.5 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.5 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.1 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.4-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901 curl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 curl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901 libcurl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 libcurl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2021-33560 libgcrypt HIGH 1.8.7-r0 1.8.8-r0 https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3517 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3518
CVE-2022-2309 libxml2 HIGH 2.9.10-r6 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.10-r6 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.10-r6 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.10-r6 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.0.0

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.0 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.4-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2021-27290 ssri HIGH 6.0.1 8.0.1, 7.1.1, 6.0.2 https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803 tar HIGH 4.4.13 6.1.2, 5.0.7, 4.4.15, 3.2.3 https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804 tar HIGH 4.4.13 6.1.1, 5.0.6, 4.4.14, 3.2.2 https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701 tar HIGH 4.4.13 6.1.7, 5.0.8, 4.4.16 https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774 y18n HIGH 4.0.0 5.0.5, 4.0.1, 3.2.2 https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-40083 github.com/labstack/echo CRITICAL v3.3.10+incompatible v4.9.0 https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20210520170846-37e1c6afe023 https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.5 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.5 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-31045 istio.io/istio CRITICAL v0.0.0-20210423173126-13fb8ac89420 1.12.18, 1.13.5, 1.14.1 https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.2 https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 v1.2.4 https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.9.8, 1.10.4, 1.11.1 https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635 istio.io/istio HIGH v0.0.0-20210423173126-13fb8ac89420 1.13.1, 1.11.7, 1.11.7 https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558 k8s.io/kubernetes HIGH v1.18.2 1.16.11, 1.17.7, 1.18.4 https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741 k8s.io/kubernetes HIGH v1.18.2 1.19.15, 1.20.11, 1.21.5, 1.22.2 https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.0 (ubuntu 16.04)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-1971 libssl1.0.0 HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971 openssl HIGH 1.0.2g-1ubuntu4.15 1.0.2g-1ubuntu4.18 https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.0 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.5-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-42378 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r6 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r6 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r6 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-3807 ansi-regex HIGH 3.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 4.1.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807 ansi-regex HIGH 5.0.0 3.0.1, 4.1.1, 5.0.1, 6.0.1 https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3918 json-schema CRITICAL 0.2.3 0.4.0 https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517 minimatch HIGH 3.0.4 3.0.5 https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906 minimist CRITICAL 1.2.5 1.2.6 https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2021-27290 ssri HIGH 6.0.1 8.0.1, 7.1.1, 6.0.2 https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803 tar HIGH 4.4.13 6.1.2, 5.0.7, 4.4.15, 3.2.3 https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804 tar HIGH 4.4.13 6.1.1, 5.0.6, 4.4.14, 3.2.2 https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701 tar HIGH 4.4.13 6.1.7, 5.0.8, 4.4.16 https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713 tar HIGH 4.4.13 6.1.9, 5.0.10, 4.4.18 https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774 y18n HIGH 4.0.0 5.0.5, 4.0.1, 3.2.2 https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2020-26160 github.com/dgrijalva/jwt-go HIGH v3.2.0+incompatible https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-28946 github.com/open-policy-agent/opa HIGH v0.29.4 0.40.0 https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082 github.com/open-policy-agent/opa HIGH v0.29.4 0.42.0 https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698 github.com/prometheus/client_golang HIGH v1.10.0 1.11.1 https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20211202192323-5770296d904e https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191 golang.org/x/crypto HIGH v0.0.0-20210513164829-c07d793c2f9a 0.0.0-20220314234659-1baeb1ce4c0b https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20210520170846-37e1c6afe023 https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20211209124913-491a49abca63 https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664 golang.org/x/net HIGH v0.0.0-20210405180319-a5a99cb37ef4 0.0.0-20220906165146-f3363e06e74c https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2021-38561 golang.org/x/text HIGH v0.3.5 0.3.7 https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149 golang.org/x/text HIGH v0.3.5 0.3.8 https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.0 (alpine 3.13.4)

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2021-36159 apk-tools CRITICAL 2.12.4-r0 2.12.6-r0 https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139 apk-tools HIGH 2.12.4-r0 2.12.5-r0 https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 busybox HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 busybox HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 busybox HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945 curl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 curl CRITICAL 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901 curl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 curl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 curl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 curl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 curl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 curl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404 freetype CRITICAL 2.10.4-r1 2.10.4-r2 https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406 freetype HIGH 2.10.4-r1 2.10.4-r3 https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2021-3711 libcrypto1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libcrypto1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945 libcurl CRITICAL 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207 libcurl CRITICAL 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901 libcurl HIGH 7.74.0-r1 7.77.0-r0 https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946 libcurl HIGH 7.74.0-r1 7.79.0-r0 https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576 libcurl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775 libcurl HIGH 7.74.0-r1 7.79.1-r1 https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781 libcurl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782 libcurl HIGH 7.74.0-r1 7.79.1-r2 https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2021-33560 libgcrypt HIGH 1.8.7-r0 1.8.8-r0 https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3711 libssl1.1 CRITICAL 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712 libssl1.1 HIGH 1.1.1k-r0 1.1.1l-r0 https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778 libssl1.1 HIGH 1.1.1k-r0 1.1.1n-r0 https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3517 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518 libxml2 HIGH 2.9.10-r6 2.9.10-r7 https://avd.aquasec.com/nvd/cve-2021-3518
CVE-2022-2309 libxml2 HIGH 2.9.10-r6 2.9.14-r1 https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308 libxml2 HIGH 2.9.10-r6 2.9.13-r0 https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303 libxml2 HIGH 2.9.10-r6 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304 libxml2 HIGH 2.9.10-r6 2.9.14-r2 https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560 libxslt HIGH 1.1.34-r0 1.1.35-r0 https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458 ncurses-libs HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458 ncurses-terminfo-base HIGH 6.2_p20210109-r0 6.2_p20210109-r1 https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386 ssl_client HIGH 1.32.1-r5 1.32.1-r7 https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391 ssl_client HIGH 1.32.1-r5 1.32.1-r8 https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065 ssl_client HIGH 1.32.1-r5 1.32.1-r9 https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271 xz-libs HIGH 5.2.5-r0 5.2.5-r1 https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434 zlib CRITICAL 1.2.11-r3 1.2.12-r2 https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032 zlib HIGH 1.2.11-r3 1.2.12-r0 https://avd.aquasec.com/nvd/cve-2018-25032