Navigation :

Security Updates

Portal container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.

Latest 1.4.x Gloo Portal Release: v1.4.6

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.4.6 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.4.6 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.4.6 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/adminserver

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.4.6 (alpine 3.20.3)

Release v1.4.5

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.4.5 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.4.5 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.4.5 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.4.5 (alpine 3.18.6)

Release v1.4.4

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.4.4 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.4.4 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.4.4 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.4.4 (alpine 3.18.6)

Release v1.4.3

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.4.3 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.4.3 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.4.3 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.4.3 (alpine 3.18.6)

Release v1.4.2

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.4.2 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.4.2 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.4.2 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.4.2 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197

Release v1.4.1

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.4.1 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.4.1 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.4.1 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.4.1 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197

Release v1.4.0

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.4.0 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.4.0 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.4.0 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.4.0 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-28757	libexpat	HIGH	2.6.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757

Latest 1.3.x Gloo Portal Release: v1.3.10

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.3.10 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.3.10 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.3.10 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.3.10 (alpine 3.20.3)

Release v1.3.9

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.3.9 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.3.9 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.3.9 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.3.9 (alpine 3.18.6)

Release v1.3.8

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.3.8 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.3.8 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.3.8 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.3.8 (alpine 3.18.6)

Release v1.3.7

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.3.7 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.3.7 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.3.7 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.3.7 (alpine 3.18.6)

Release v1.3.6

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.3.6 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.3.6 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.3.6 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.3.6 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197

Release v1.3.5

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.3.5 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.3.5 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.3.5 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.3.5 (alpine 3.18.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r1	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r1	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-25062	libxml2	HIGH	2.11.6-r0	2.11.7-r0	https://avd.aquasec.com/nvd/cve-2024-25062

Release v1.3.4

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.3.4 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.3.4 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.3.4 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.3.4 (alpine 3.18.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.4.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.4.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-2398	libcurl	HIGH	8.4.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.4.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r1	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r1	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-25062	libxml2	HIGH	2.11.6-r0	2.11.7-r0	https://avd.aquasec.com/nvd/cve-2024-25062

Release v1.3.3

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.3.3 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.3.3 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.3.3 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.3.3 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.4.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.4.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-2398	libcurl	HIGH	8.4.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.4.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r1	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r1	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-25062	libxml2	HIGH	2.11.4-r0	2.11.7-r0	https://avd.aquasec.com/nvd/cve-2024-25062

Release v1.3.2

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.3.2 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.51.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.3.2 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.3.2 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.51.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.3.2 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	curl	HIGH	8.2.1-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.2.1-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	libcurl	HIGH	8.2.1-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.2.1-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r0	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Release v1.3.1

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.3.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.51.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.3.1 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.3.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.51.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.3.1 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	curl	HIGH	8.1.2-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.1.2-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	libcurl	HIGH	8.1.2-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.1.2-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r0	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Release v1.3.0

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.3.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.51.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.3.0 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.3.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.51.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.3.0 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.88.1-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	curl	HIGH	7.88.1-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.88.1-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	curl	HIGH	7.88.1-r1	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	7.88.1-r1	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.88.1-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	7.88.1-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.88.1-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	libcurl	HIGH	7.88.1-r1	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	7.88.1-r1	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r0	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Latest 1.2.x Gloo Portal Release: v1.2.27

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.2.27 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.27 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.27 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.27 (alpine 3.20.3)

Release v1.2.26

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.2.26 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.26 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.26 (alpine 3.17.5)

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.26 (alpine 3.18.6)

Release v1.2.25

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.2.25 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.25 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.25 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.25 (alpine 3.18.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197

Release v1.2.24

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.2.24 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.24 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.24 (alpine 3.17.5)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.24 (alpine 3.18.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-2398	libcurl	HIGH	8.5.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.5.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r1	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r1	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-25062	libxml2	HIGH	2.11.6-r0	2.11.7-r0	https://avd.aquasec.com/nvd/cve-2024-25062

Release v1.2.23

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.2.23 (alpine 3.17.4)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.23 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.23 (alpine 3.17.4)

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.23 (alpine 3.18.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-2398	curl	HIGH	8.4.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.4.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2024-2398	libcurl	HIGH	8.4.0-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.4.0-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r1	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r1	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2024-25062	libxml2	HIGH	2.11.4-r0	2.11.7-r0	https://avd.aquasec.com/nvd/cve-2024-25062

Release v1.2.22

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.22 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.22 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.22 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.22 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	curl	HIGH	8.2.1-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.2.1-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-5363	libcrypto3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.2.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.2.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	libcurl	HIGH	8.2.1-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.2.1-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r0	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2023-5363	libssl3	HIGH	3.0.10-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r1	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Release v1.2.21

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.21 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.21 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.21 (alpine 3.17.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.21 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	curl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	curl	HIGH	8.1.2-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.1.2-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-5363	libcrypto3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.1.2-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-38039	libcurl	HIGH	8.1.2-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	libcurl	HIGH	8.1.2-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.1.2-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r0	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2023-5363	libssl3	HIGH	3.0.9-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-4863	libwebp	HIGH	1.2.4-r2	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-43787	libx11	HIGH	1.8.4-r1	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Release v1.2.20

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.20 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.20 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.20 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.20 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	curl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	curl	HIGH	8.0.1-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	8.0.1-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	libcurl	HIGH	8.0.1-r0	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	8.0.1-r0	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r0	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2023-5363	libssl3	HIGH	3.0.8-r4	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Release v1.2.19

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.19 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.19 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.19 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.19 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.88.1-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	curl	HIGH	7.88.1-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.88.1-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	curl	HIGH	7.88.1-r1	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	7.88.1-r1	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.88.1-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	7.88.1-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.88.1-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	libcurl	HIGH	7.88.1-r1	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	7.88.1-r1	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r0	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2023-5363	libssl3	HIGH	3.0.8-r3	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Release v1.2.18

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.18 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.18 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.18 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-5363	libssl3	HIGH	3.0.8-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2023-39325	golang.org/x/net	HIGH	v0.7.0	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.18 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.88.1-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	curl	HIGH	7.88.1-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.88.1-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	curl	HIGH	7.88.1-r1	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	7.88.1-r1	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.88.1-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	7.88.1-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.88.1-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	libcurl	HIGH	7.88.1-r1	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	7.88.1-r1	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r0	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2023-5363	libssl3	HIGH	3.0.8-r1	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Release v1.2.17

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.17 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.1.1-0.20221104162952-702349b0e862	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.1.1-0.20221104162952-702349b0e862	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.17 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.17 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25883	semver	HIGH	7.3.8	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-41723	golang.org/x/net	HIGH	v0.1.1-0.20221104162952-702349b0e862	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.1.1-0.20221104162952-702349b0e862	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.17 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-38545	curl	CRITICAL	7.87.0-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.87.0-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.87.0-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	curl	HIGH	7.87.0-r2	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	curl	HIGH	7.87.0-r2	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libcrypto3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-38545	libcurl	CRITICAL	7.87.0-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.87.0-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.87.0-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2024-2398	libcurl	HIGH	7.87.0-r2	8.7.1-r0	https://avd.aquasec.com/nvd/cve-2024-2398
CVE-2024-6197	libcurl	HIGH	7.87.0-r2	8.9.0-r0	https://avd.aquasec.com/nvd/cve-2024-6197
CVE-2023-52425	libexpat	HIGH	2.5.0-r0	2.6.0-r0	https://avd.aquasec.com/nvd/cve-2023-52425
CVE-2024-28757	libexpat	HIGH	2.5.0-r0	2.6.2-r0	https://avd.aquasec.com/nvd/cve-2024-28757
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-5363	libssl3	HIGH	3.0.8-r0	3.0.12-r0	https://avd.aquasec.com/nvd/cve-2023-5363
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-43787	libx11	HIGH	1.8.4-r0	1.8.7-r0	https://avd.aquasec.com/nvd/cve-2023-43787
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-3970	tiff	HIGH	4.4.0-r1	4.4.0-r2	https://avd.aquasec.com/nvd/cve-2022-3970

Release v1.2.16

Gloo Portal gloo-portal-controller image

No scan found

Gloo Portal gloo-portal-admin-envoy image

No scan found

Gloo Portal gloo-portal-admin-server image

No scan found

Gloo Portal gloo-portal-admin-ui image

No scan found

Release v1.2.15

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.15 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.15 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.15 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.15 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release v1.2.14

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.14 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.14 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.14 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.14 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r5	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r5	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-27533	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r5	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r5	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r5	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release v1.2.13

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.13 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.13 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.13 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r1	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.13 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1s-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release v1.2.12

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.12 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.12 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.12 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.12 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release v1.2.11

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.11 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.11 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.11 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.11 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release v1.2.10

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.10 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.10 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.10 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.49.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.10 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.83.1-r3	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r3	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r3	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r3	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r3	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r3	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r3	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r3	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r3	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r3	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r3	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r3	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release v1.2.9

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.9 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-36085	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.43.1	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.46.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.9 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.9 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-36085	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.43.1	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.46.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.9 (alpine 3.16.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release v1.2.8

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.8 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-36085	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.43.1	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.46.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.8 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.8 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-36085	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.43.1	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.46.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.8 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.7

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.7 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-36085	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.43.1	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.46.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.7 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.20	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.7 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-36085	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.43.1	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.46.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.7 (alpine 3.16.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-30065	busybox	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-42915	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.2-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.2-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409
CVE-2022-30065	ssl_client	HIGH	1.35.0-r14	1.35.0-r15	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.6

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.6 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-29244	npm	HIGH	8.8.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.6 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.17	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.17	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.6 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-29244	npm	HIGH	8.8.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.6 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32207	curl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-32221	curl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.80.0-r1	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.80.0-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-27780	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42915	curl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.80.0-r1	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.80.0-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.80.0-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.80.0-r1	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.80.0-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42915	libcurl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r1	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.80.0-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.80.0-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.2-r0	1.2.2-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.2-r0	1.2.2-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458	ncurses-libs	HIGH	6.3_p20211120-r0	6.3_p20211120-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20211120-r0	6.3_p20211120-r2	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.3_p20211120-r0	6.3_p20211120-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20211120-r0	6.3_p20211120-r2	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.5

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.5 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-29244	npm	HIGH	8.8.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.5 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.17	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.17	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.5 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-29244	npm	HIGH	8.8.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244
CVE-2022-25883	semver	HIGH	7.3.7	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.5 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32207	curl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-32221	curl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.80.0-r1	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.80.0-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-27780	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42915	curl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.80.0-r1	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.80.0-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.80.0-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.80.0-r1	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.80.0-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42915	libcurl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r1	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.80.0-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.80.0-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1o-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.2-r0	1.2.2-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.2-r0	1.2.2-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458	ncurses-libs	HIGH	6.3_p20211120-r0	6.3_p20211120-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20211120-r0	6.3_p20211120-r2	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.3_p20211120-r0	6.3_p20211120-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20211120-r0	6.3_p20211120-r2	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-41409	pcre2	HIGH	10.39-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.4

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.4 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244
CVE-2022-25883	semver	HIGH	7.3.5	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.4 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.15	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.15	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.4 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244
CVE-2022-25883	semver	HIGH	7.3.5	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.4 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32207	curl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-32221	curl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.80.0-r1	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.80.0-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-27780	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42915	curl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.80.0-r1	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.80.0-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.80.0-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-27404	freetype	CRITICAL	2.11.1-r0	2.11.1-r1	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.11.1-r0	2.11.1-r2	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.11.1-r0	2.11.1-r2	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.80.0-r1	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.80.0-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42915	libcurl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r1	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.80.0-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.80.0-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.2-r0	1.2.2-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.2-r0	1.2.2-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309	libxml2	HIGH	2.9.13-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.13-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.13-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458	ncurses-libs	HIGH	6.3_p20211120-r0	6.3_p20211120-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20211120-r0	6.3_p20211120-r2	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.3_p20211120-r0	6.3_p20211120-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20211120-r0	6.3_p20211120-r2	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-41409	pcre2	HIGH	10.39-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.3

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.3 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244
CVE-2022-25883	semver	HIGH	7.3.5	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.3 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.15	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.15	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.3 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2022-29244	npm	HIGH	8.5.0	8.11.0	https://avd.aquasec.com/nvd/cve-2022-29244
CVE-2022-25883	semver	HIGH	7.3.5	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.3 (alpine 3.15.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32207	curl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-32221	curl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.80.0-r1	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	curl	CRITICAL	7.80.0-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-27780	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42915	curl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.80.0-r1	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.80.0-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.80.0-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-27404	freetype	CRITICAL	2.11.1-r0	2.11.1-r1	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.11.1-r0	2.11.1-r2	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.11.1-r0	2.11.1-r2	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32207	libcurl	CRITICAL	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-32221	libcurl	CRITICAL	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.80.0-r1	7.80.0-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2023-38545	libcurl	CRITICAL	7.80.0-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-27780	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27780
CVE-2022-27781	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.80.0-r1	7.80.0-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-42915	libcurl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.80.0-r1	7.80.0-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.80.0-r1	7.80.0-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.80.0-r1	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.80.0-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.80.0-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2022-4450	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.2-r0	1.2.2-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.2-r0	1.2.2-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309	libxml2	HIGH	2.9.13-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.13-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.13-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2022-29458	ncurses-libs	HIGH	6.3_p20211120-r0	6.3_p20211120-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20211120-r0	6.3_p20211120-r2	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.3_p20211120-r0	6.3_p20211120-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20211120-r0	6.3_p20211120-r2	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.46.0-r0	1.46.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-1586	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1586
CVE-2022-1587	pcre2	CRITICAL	10.39-r0	10.40-r0	https://avd.aquasec.com/nvd/cve-2022-1587
CVE-2022-41409	pcre2	HIGH	10.39-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Release v1.2.2

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.2 (alpine 3.15.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.34.1-r4	1.34.1-r5	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.4-r2	3.3.4-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-28391	ssl_client	HIGH	1.34.1-r4	1.34.1-r5	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2022-25883	semver	HIGH	5.7.1	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.2 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-0778	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2022-0778	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.2 (alpine 3.15.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2022-25883	semver	HIGH	5.7.1	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.2 (alpine 3.13.7)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.32.1-r7	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r7	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309	libxml2	HIGH	2.9.12-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.12-r0	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391	ssl_client	HIGH	1.32.1-r7	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r7	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.2.1

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.1 (alpine 3.15.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.34.1-r4	1.34.1-r5	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.4-r2	3.3.4-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-28391	ssl_client	HIGH	1.34.1-r4	1.34.1-r5	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2022-25883	semver	HIGH	5.7.1	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.1 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-0778	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2022-0778	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.1 (alpine 3.15.1)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.34.1-r4	1.34.1-r5	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-28391	ssl_client	HIGH	1.34.1-r4	1.34.1-r5	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2022-25883	semver	HIGH	5.7.1	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.1 (alpine 3.13.7)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.32.1-r7	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r7	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309	libxml2	HIGH	2.9.12-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.12-r0	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391	ssl_client	HIGH	1.32.1-r7	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r7	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.2.0

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.2.0 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.34.1-r3	1.34.1-r5	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r7	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r7	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r7	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r7	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r7	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.4-r2	3.3.4-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r7	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r7	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r7	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r7	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r7	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-28391	ssl_client	HIGH	1.34.1-r3	1.34.1-r5	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2022-25883	semver	HIGH	5.7.1	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.2.0 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-0778	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2022-0778	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.2.0 (alpine 3.15.0)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.34.1-r4	1.34.1-r5	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r8	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r8	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r8	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r8	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r8	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.4-r2	3.3.4-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r8	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r8	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r8	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r8	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r8	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-28391	ssl_client	HIGH	1.34.1-r4	1.34.1-r5	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2022-25883	semver	HIGH	5.7.1	7.5.2, 6.3.1, 5.7.2	https://avd.aquasec.com/nvd/cve-2022-25883

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2024-27289	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2	https://avd.aquasec.com/nvd/cve-2024-27289
CVE-2024-27304	github.com/jackc/pgx	HIGH	v3.6.2+incompatible	4.18.2, 5.5.4	https://avd.aquasec.com/nvd/cve-2024-27304
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.11.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210817164053-32db794688a5	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2023-39325	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.17.0	https://avd.aquasec.com/nvd/cve-2023-39325
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
GHSA-m425-mq94-257g	google.golang.org/grpc	HIGH	v1.44.0	1.56.3, 1.57.1, 1.58.3	https://github.com/advisories/GHSA-m425-mq94-257g
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.2.0 (alpine 3.13.7)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.32.1-r7	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r7	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309	libxml2	HIGH	2.9.12-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.12-r0	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391	ssl_client	HIGH	1.32.1-r7	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r7	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Latest 1.1.x Gloo Portal Release: v1.1.11

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.1.11 (alpine 3.17.3)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.11 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.11 (alpine 3.17.3)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/adminserver

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.11 (alpine 3.17.3)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-28319	curl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	curl	HIGH	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	8.0.1-r0	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	8.0.1-r0	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	libcurl	HIGH	8.0.1-r0	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Release v1.1.10

Gloo Portal gloo-portal-controller image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-controller:1.1.10 (alpine 3.17.2)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/gloo-portal-controller

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.10 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.10 (alpine 3.17.2)

No Vulnerabilities Found for Node.js

No Vulnerabilities Found for usr/local/bin/adminserver

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.10 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-28319	curl	HIGH	7.88.1-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.88.1-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	curl	HIGH	7.88.1-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-28319	libcurl	HIGH	7.88.1-r1	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.88.1-r1	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	libcurl	HIGH	7.88.1-r1	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487

Release v1.1.9

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.9 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.1.1-0.20221104162952-702349b0e862	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Portal gloo-portal-admin-envoy image

No Vulnerabilities Found for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.9 (ubuntu 18.04)

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.9 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464

No Vulnerabilities Found for Node.js

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41723	golang.org/x/net	HIGH	v0.1.1-0.20221104162952-702349b0e862	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.9 (alpine 3.17.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-27533	curl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.87.0-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.87.0-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	curl	HIGH	7.87.0-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-0464	libcrypto3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-27533	libcurl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.87.0-r2	7.88.1-r1	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.87.0-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.87.0-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	libcurl	HIGH	7.87.0-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2023-0464	libssl3	HIGH	3.0.8-r0	3.0.8-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.4-r1	1.2.4-r2	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.4-r1	1.2.4-r3	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-3138	libx11	HIGH	1.8.4-r0	1.8.4-r1	https://avd.aquasec.com/nvd/cve-2023-3138
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20221119-r0	6.3_p20221119-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2023-44487	nghttp2-libs	HIGH	1.51.0-r0	1.51.0-r2	https://avd.aquasec.com/nvd/cve-2023-44487
CVE-2022-3970	tiff	HIGH	4.4.0-r1	4.4.0-r2	https://avd.aquasec.com/nvd/cve-2022-3970

Release v1.1.8

Gloo Portal gloo-portal-controller image

No scan found

Gloo Portal gloo-portal-admin-envoy image

No scan found

Gloo Portal gloo-portal-admin-server image

No scan found

Gloo Portal gloo-portal-admin-ui image

No scan found

Release v1.1.7

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.7 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.7 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.15	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.15	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.7 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.7 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-23914	curl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2022-43551	curl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	curl	HIGH	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r4	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2022-43551	libcurl	HIGH	7.83.1-r4	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r4	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r4	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r4	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	libcurl	HIGH	7.83.1-r4	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release v1.1.6

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.6 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.6 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.15	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.15	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.6 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-41721	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.1.1-0.20221104162952-702349b0e862	https://avd.aquasec.com/nvd/cve-2022-41721
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220906165146-f3363e06e74c	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.6 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.83.1-r3	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2022-42915	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r3	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r3	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r3	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r3	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	curl	HIGH	7.83.1-r3	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r3	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2022-42915	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r3	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r3	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r3	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r3	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r3	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r3	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	libcurl	HIGH	7.83.1-r3	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-40303	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r1	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release v1.1.5

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.5 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-36085	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.43.1	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.5 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.15	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.15	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.5 (alpine 3.15.5)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r2	https://avd.aquasec.com/nvd/cve-2023-0464

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	4.1.0	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-36085	github.com/open-policy-agent/opa	HIGH	v0.40.0	0.43.1	https://avd.aquasec.com/nvd/cve-2022-36085
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20220114011407-0dd24b26b47d	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.7	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.5 (alpine 3.16.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-32221	curl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	curl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2022-42915	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	curl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	curl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	curl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	curl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	curl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	curl	HIGH	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-32221	libcurl	CRITICAL	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-32221
CVE-2023-23914	libcurl	CRITICAL	7.83.1-r2	7.83.1-r6	https://avd.aquasec.com/nvd/cve-2023-23914
CVE-2022-42915	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42915
CVE-2022-42916	libcurl	HIGH	7.83.1-r2	7.83.1-r4	https://avd.aquasec.com/nvd/cve-2022-42916
CVE-2022-43551	libcurl	HIGH	7.83.1-r2	7.83.1-r5	https://avd.aquasec.com/nvd/cve-2022-43551
CVE-2023-27533	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27533
CVE-2023-27534	libcurl	HIGH	7.83.1-r2	8.0.1-r0	https://avd.aquasec.com/nvd/cve-2023-27534
CVE-2023-28319	libcurl	HIGH	7.83.1-r2	8.1.0-r0	https://avd.aquasec.com/nvd/cve-2023-28319
CVE-2023-38039	libcurl	HIGH	7.83.1-r2	8.3.0-r0	https://avd.aquasec.com/nvd/cve-2023-38039
CVE-2023-38545	libcurl	HIGH	7.83.1-r2	8.4.0-r0	https://avd.aquasec.com/nvd/cve-2023-38545
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2023-1999	libwebp	HIGH	1.2.3-r0	1.2.3-r1	https://avd.aquasec.com/nvd/cve-2023-1999
CVE-2023-4863	libwebp	HIGH	1.2.3-r0	1.2.3-r2	https://avd.aquasec.com/nvd/cve-2023-4863
CVE-2022-2309	libxml2	HIGH	2.9.14-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-40303	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.14-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2023-29491	ncurses-libs	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-29491	ncurses-terminfo-base	HIGH	6.3_p20220521-r0	6.3_p20220521-r1	https://avd.aquasec.com/nvd/cve-2023-29491
CVE-2023-35945	nghttp2-libs	HIGH	1.47.0-r0	1.47.0-r1	https://avd.aquasec.com/nvd/cve-2023-35945
CVE-2022-41409	pcre2	HIGH	10.40-r0	10.42-r0	https://avd.aquasec.com/nvd/cve-2022-41409

Release v1.1.4

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.4 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2021-42378	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.18.2	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.18.2	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.4 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-0778	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2022-0778	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.4 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1q-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-37434	zlib	CRITICAL	1.2.12-r1	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.4 (alpine 3.13.7)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.32.1-r7	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r7	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309	libxml2	HIGH	2.9.12-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.12-r0	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391	ssl_client	HIGH	1.32.1-r7	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r7	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.1.3

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.3 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2021-42378	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.18.2	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.18.2	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.3 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-0778	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2022-0778	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.3 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.33.1-r6	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1n-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-4450	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1n-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-28391	ssl_client	HIGH	1.33.1-r6	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.12-r0	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.3 (alpine 3.13.7)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.32.1-r7	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r7	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-32207	curl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-32207	libcurl	CRITICAL	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2022-22576	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.79.1-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.79.1-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309	libxml2	HIGH	2.9.12-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.12-r0	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-28391	ssl_client	HIGH	1.32.1-r7	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r7	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.1.2

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.2 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2021-42378	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.18.2	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.18.2	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.2 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-0778	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2022-0778	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.2 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28391	busybox	HIGH	1.33.1-r6	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-28391	ssl_client	HIGH	1.33.1-r6	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.2 (alpine 3.13.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945	curl	CRITICAL	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	curl	CRITICAL	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946	curl	HIGH	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	curl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945	libcurl	CRITICAL	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	libcurl	CRITICAL	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946	libcurl	HIGH	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	libcurl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309	libxml2	HIGH	2.9.12-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.12-r0	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.1.1

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.1 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2021-42378	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.18.2	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.18.2	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.1 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-0778	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2022-0778	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.1 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2021-42378	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.1 (alpine 3.13.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945	curl	CRITICAL	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	curl	CRITICAL	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946	curl	HIGH	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	curl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945	libcurl	CRITICAL	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	libcurl	CRITICAL	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946	libcurl	HIGH	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	libcurl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309	libxml2	HIGH	2.9.12-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.12-r0	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.1.0

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.1.0 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2021-42378	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.1.13, 1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2021-39156	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39156
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.13.1, 1.12.4, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.18.2	1.18.4, 1.17.7, 1.16.11	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.18.2	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.1.0 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-0778	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2022-0778	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.1.0 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2021-42378	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	6.0.1, 5.0.1, 4.1.1, 3.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	1.2.6, 0.2.4	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.10.3, 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, 6.2.4	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.1.0 (alpine 3.13.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945	curl	CRITICAL	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	curl	CRITICAL	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946	curl	HIGH	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	curl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945	libcurl	CRITICAL	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	libcurl	CRITICAL	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946	libcurl	HIGH	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	libcurl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309	libxml2	HIGH	2.9.12-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.12-r0	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Latest 1.0.x Gloo Portal Release: v1.0.5

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.5 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2021-42378	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40083	github.com/labstack/echo	CRITICAL	v3.3.10+incompatible	v4.9.0	https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948
CVE-2022-31045	istio.io/istio	CRITICAL	v0.0.0-20210423173126-13fb8ac89420	1.12.18, 1.13.5, 1.14.1	https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.2	https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.13.1, 1.11.7, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.18.2	1.16.11, 1.17.7, 1.18.4	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.18.2	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2022-3294	k8s.io/kubernetes	HIGH	v1.18.2	1.22.16, 1.23.14, 1.24.8, 1.25.4	https://avd.aquasec.com/nvd/cve-2022-3294

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.5 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-0778	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2022-0778	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.5 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2021-42378	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.5 (alpine 3.13.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945	curl	CRITICAL	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	curl	CRITICAL	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946	curl	HIGH	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	curl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945	libcurl	CRITICAL	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	libcurl	CRITICAL	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946	libcurl	HIGH	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	libcurl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309	libxml2	HIGH	2.9.12-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.12-r0	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.0.4

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.4 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2021-42378	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-40083	github.com/labstack/echo	CRITICAL	v3.3.10+incompatible	v4.9.0	https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948
CVE-2022-31045	istio.io/istio	CRITICAL	v0.0.0-20210423173126-13fb8ac89420	1.12.18, 1.13.5, 1.14.1	https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.2	https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.13.1, 1.11.7, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.18.2	1.16.11, 1.17.7, 1.18.4	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.18.2	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2022-3294	k8s.io/kubernetes	HIGH	v1.18.2	1.22.16, 1.23.14, 1.24.8, 1.25.4	https://avd.aquasec.com/nvd/cve-2022-3294

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.4 (ubuntu 18.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-0778	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	libssl1.1	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2022-0778	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.15	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2023-0286	openssl	HIGH	1.1.1-1ubuntu2.1~18.04.13	1.1.1-1ubuntu2.1~18.04.21	https://avd.aquasec.com/nvd/cve-2023-0286

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.4 (alpine 3.14.2)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2022-0778	libretls	HIGH	3.3.3p1-r2	3.3.3p1-r3	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-4450	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2022-4450
CVE-2023-0215	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0215
CVE-2023-0286	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r0	https://avd.aquasec.com/nvd/cve-2023-0286
CVE-2023-0464	libssl1.1	HIGH	1.1.1l-r0	1.1.1t-r1	https://avd.aquasec.com/nvd/cve-2023-0464
CVE-2021-42378	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.33.1-r3	1.33.1-r6	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.33.1-r3	1.33.1-r7	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210614182718-04defd469f4e	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.6	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.6	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.4 (alpine 3.13.6)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945	curl	CRITICAL	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	curl	CRITICAL	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946	curl	HIGH	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	curl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945	libcurl	CRITICAL	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	libcurl	CRITICAL	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22946	libcurl	HIGH	7.78.0-r0	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	libcurl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.78.0-r0	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.78.0-r0	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-2309	libxml2	HIGH	2.9.12-r0	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.12-r0	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.12-r0	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.0.3

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.3 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-36159	apk-tools	CRITICAL	2.12.4-r0	2.12.6-r0	https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139	apk-tools	HIGH	2.12.4-r0	2.12.5-r0	https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711	libcrypto1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711	libssl1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libssl1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libssl1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2021-27290	ssri	HIGH	6.0.1	8.0.1, 7.1.1, 6.0.2	https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803	tar	HIGH	4.4.13	6.1.2, 5.0.7, 4.4.15, 3.2.3	https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804	tar	HIGH	4.4.13	6.1.1, 5.0.6, 4.4.14, 3.2.2	https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701	tar	HIGH	4.4.13	6.1.7, 5.0.8, 4.4.16	https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774	y18n	HIGH	4.0.0	5.0.5, 4.0.1, 3.2.2	https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-40083	github.com/labstack/echo	CRITICAL	v3.3.10+incompatible	v4.9.0	https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20210520170846-37e1c6afe023	https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.5	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.5	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948
CVE-2022-31045	istio.io/istio	CRITICAL	v0.0.0-20210423173126-13fb8ac89420	1.12.18, 1.13.5, 1.14.1	https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.2	https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.13.1, 1.11.7, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.18.2	1.16.11, 1.17.7, 1.18.4	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.18.2	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2022-3294	k8s.io/kubernetes	HIGH	v1.18.2	1.22.16, 1.23.14, 1.24.8, 1.25.4	https://avd.aquasec.com/nvd/cve-2022-3294

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.3 (ubuntu 16.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-1971	libssl1.0.0	HIGH	1.0.2g-1ubuntu4.15	1.0.2g-1ubuntu4.18	https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971	openssl	HIGH	1.0.2g-1ubuntu4.15	1.0.2g-1ubuntu4.18	https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.3 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2022-0778	libssl1.1	HIGH	1.1.1l-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2021-27290	ssri	HIGH	6.0.1	8.0.1, 7.1.1, 6.0.2	https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803	tar	HIGH	4.4.13	6.1.2, 5.0.7, 4.4.15, 3.2.3	https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804	tar	HIGH	4.4.13	6.1.1, 5.0.6, 4.4.14, 3.2.2	https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701	tar	HIGH	4.4.13	6.1.7, 5.0.8, 4.4.16	https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774	y18n	HIGH	4.0.0	5.0.5, 4.0.1, 3.2.2	https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20210520170846-37e1c6afe023	https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.5	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.5	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.3 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-36159	apk-tools	CRITICAL	2.12.4-r0	2.12.6-r0	https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139	apk-tools	HIGH	2.12.4-r0	2.12.5-r0	https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945	curl	CRITICAL	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	curl	CRITICAL	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901	curl	HIGH	7.74.0-r1	7.77.0-r0	https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946	curl	HIGH	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	curl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2021-3711	libcrypto1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945	libcurl	CRITICAL	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	libcurl	CRITICAL	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901	libcurl	HIGH	7.74.0-r1	7.77.0-r0	https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946	libcurl	HIGH	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	libcurl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2021-33560	libgcrypt	HIGH	1.8.7-r0	1.8.8-r0	https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3711	libssl1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libssl1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libssl1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3517	libxml2	HIGH	2.9.10-r6	2.9.10-r7	https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518	libxml2	HIGH	2.9.10-r6	2.9.10-r7	https://avd.aquasec.com/nvd/cve-2021-3518
CVE-2022-2309	libxml2	HIGH	2.9.10-r6	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.10-r6	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.10-r6	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.10-r6	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.0.2

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.2 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-36159	apk-tools	CRITICAL	2.12.4-r0	2.12.6-r0	https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139	apk-tools	HIGH	2.12.4-r0	2.12.5-r0	https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711	libcrypto1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711	libssl1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libssl1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libssl1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2021-27290	ssri	HIGH	6.0.1	8.0.1, 7.1.1, 6.0.2	https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803	tar	HIGH	4.4.13	6.1.2, 5.0.7, 4.4.15, 3.2.3	https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804	tar	HIGH	4.4.13	6.1.1, 5.0.6, 4.4.14, 3.2.2	https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701	tar	HIGH	4.4.13	6.1.7, 5.0.8, 4.4.16	https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774	y18n	HIGH	4.0.0	5.0.5, 4.0.1, 3.2.2	https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-40083	github.com/labstack/echo	CRITICAL	v3.3.10+incompatible	v4.9.0	https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20210520170846-37e1c6afe023	https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.5	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.5	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948
CVE-2022-31045	istio.io/istio	CRITICAL	v0.0.0-20210423173126-13fb8ac89420	1.12.18, 1.13.5, 1.14.1	https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.2	https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.13.1, 1.11.7, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.18.2	1.16.11, 1.17.7, 1.18.4	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.18.2	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2022-3294	k8s.io/kubernetes	HIGH	v1.18.2	1.22.16, 1.23.14, 1.24.8, 1.25.4	https://avd.aquasec.com/nvd/cve-2022-3294

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.2 (ubuntu 16.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-1971	libssl1.0.0	HIGH	1.0.2g-1ubuntu4.15	1.0.2g-1ubuntu4.18	https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971	openssl	HIGH	1.0.2g-1ubuntu4.15	1.0.2g-1ubuntu4.18	https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.2 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-42378	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711	libcrypto1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711	libssl1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libssl1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libssl1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2021-27290	ssri	HIGH	6.0.1	8.0.1, 7.1.1, 6.0.2	https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803	tar	HIGH	4.4.13	6.1.2, 5.0.7, 4.4.15, 3.2.3	https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804	tar	HIGH	4.4.13	6.1.1, 5.0.6, 4.4.14, 3.2.2	https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701	tar	HIGH	4.4.13	6.1.7, 5.0.8, 4.4.16	https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774	y18n	HIGH	4.0.0	5.0.5, 4.0.1, 3.2.2	https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20210520170846-37e1c6afe023	https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.5	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.5	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.2 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-36159	apk-tools	CRITICAL	2.12.4-r0	2.12.6-r0	https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139	apk-tools	HIGH	2.12.4-r0	2.12.5-r0	https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945	curl	CRITICAL	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	curl	CRITICAL	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901	curl	HIGH	7.74.0-r1	7.77.0-r0	https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946	curl	HIGH	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	curl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2021-3711	libcrypto1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945	libcurl	CRITICAL	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	libcurl	CRITICAL	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901	libcurl	HIGH	7.74.0-r1	7.77.0-r0	https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946	libcurl	HIGH	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	libcurl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2021-33560	libgcrypt	HIGH	1.8.7-r0	1.8.8-r0	https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3711	libssl1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libssl1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libssl1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3517	libxml2	HIGH	2.9.10-r6	2.9.10-r7	https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518	libxml2	HIGH	2.9.10-r6	2.9.10-r7	https://avd.aquasec.com/nvd/cve-2021-3518
CVE-2022-2309	libxml2	HIGH	2.9.10-r6	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.10-r6	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.10-r6	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.10-r6	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.0.1

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.1 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-36159	apk-tools	CRITICAL	2.12.4-r0	2.12.6-r0	https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139	apk-tools	HIGH	2.12.4-r0	2.12.5-r0	https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711	libcrypto1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711	libssl1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libssl1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libssl1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2021-27290	ssri	HIGH	6.0.1	8.0.1, 7.1.1, 6.0.2	https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803	tar	HIGH	4.4.13	6.1.2, 5.0.7, 4.4.15, 3.2.3	https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804	tar	HIGH	4.4.13	6.1.1, 5.0.6, 4.4.14, 3.2.2	https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701	tar	HIGH	4.4.13	6.1.7, 5.0.8, 4.4.16	https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774	y18n	HIGH	4.0.0	5.0.5, 4.0.1, 3.2.2	https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-40083	github.com/labstack/echo	CRITICAL	v3.3.10+incompatible	v4.9.0	https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20210520170846-37e1c6afe023	https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.5	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.5	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948
CVE-2022-31045	istio.io/istio	CRITICAL	v0.0.0-20210423173126-13fb8ac89420	1.12.18, 1.13.5, 1.14.1	https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.2	https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.13.1, 1.11.7, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.18.2	1.16.11, 1.17.7, 1.18.4	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.18.2	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2022-3294	k8s.io/kubernetes	HIGH	v1.18.2	1.22.16, 1.23.14, 1.24.8, 1.25.4	https://avd.aquasec.com/nvd/cve-2022-3294

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.1 (ubuntu 16.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-1971	libssl1.0.0	HIGH	1.0.2g-1ubuntu4.15	1.0.2g-1ubuntu4.18	https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971	openssl	HIGH	1.0.2g-1ubuntu4.15	1.0.2g-1ubuntu4.18	https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.1 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-36159	apk-tools	CRITICAL	2.12.5-r0	2.12.6-r0	https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-42378	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711	libcrypto1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711	libssl1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libssl1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libssl1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2021-27290	ssri	HIGH	6.0.1	8.0.1, 7.1.1, 6.0.2	https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803	tar	HIGH	4.4.13	6.1.2, 5.0.7, 4.4.15, 3.2.3	https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804	tar	HIGH	4.4.13	6.1.1, 5.0.6, 4.4.14, 3.2.2	https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701	tar	HIGH	4.4.13	6.1.7, 5.0.8, 4.4.16	https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774	y18n	HIGH	4.0.0	5.0.5, 4.0.1, 3.2.2	https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20210520170846-37e1c6afe023	https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.5	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.5	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.1 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-36159	apk-tools	CRITICAL	2.12.4-r0	2.12.6-r0	https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139	apk-tools	HIGH	2.12.4-r0	2.12.5-r0	https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945	curl	CRITICAL	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	curl	CRITICAL	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901	curl	HIGH	7.74.0-r1	7.77.0-r0	https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946	curl	HIGH	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	curl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2021-3711	libcrypto1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945	libcurl	CRITICAL	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	libcurl	CRITICAL	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901	libcurl	HIGH	7.74.0-r1	7.77.0-r0	https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946	libcurl	HIGH	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	libcurl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2021-33560	libgcrypt	HIGH	1.8.7-r0	1.8.8-r0	https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3711	libssl1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libssl1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libssl1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3517	libxml2	HIGH	2.9.10-r6	2.9.10-r7	https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518	libxml2	HIGH	2.9.10-r6	2.9.10-r7	https://avd.aquasec.com/nvd/cve-2021-3518
CVE-2022-2309	libxml2	HIGH	2.9.10-r6	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.10-r6	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.10-r6	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.10-r6	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Release v1.0.0

Gloo Portal gloo-portal-controller image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-controller:1.0.0 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-36159	apk-tools	CRITICAL	2.12.4-r0	2.12.6-r0	https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139	apk-tools	HIGH	2.12.4-r0	2.12.5-r0	https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711	libcrypto1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711	libssl1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libssl1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libssl1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2021-27290	ssri	HIGH	6.0.1	8.0.1, 7.1.1, 6.0.2	https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803	tar	HIGH	4.4.13	6.1.2, 5.0.7, 4.4.15, 3.2.3	https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804	tar	HIGH	4.4.13	6.1.1, 5.0.6, 4.4.14, 3.2.2	https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701	tar	HIGH	4.4.13	6.1.7, 5.0.8, 4.4.16	https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774	y18n	HIGH	4.0.0	5.0.5, 4.0.1, 3.2.2	https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/gloo-portal-controller

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-40083	github.com/labstack/echo	CRITICAL	v3.3.10+incompatible	v4.9.0	https://avd.aquasec.com/nvd/cve-2022-40083
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20210520170846-37e1c6afe023	https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.5	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.5	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948
CVE-2022-31045	istio.io/istio	CRITICAL	v0.0.0-20210423173126-13fb8ac89420	1.12.18, 1.13.5, 1.14.1	https://avd.aquasec.com/nvd/cve-2022-31045
CVE-2019-12995	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.2	https://avd.aquasec.com/nvd/cve-2019-12995
CVE-2019-14993	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	v1.2.4	https://avd.aquasec.com/nvd/cve-2019-14993
CVE-2021-39155	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.9.8, 1.10.4, 1.11.1	https://avd.aquasec.com/nvd/cve-2021-39155
CVE-2022-23635	istio.io/istio	HIGH	v0.0.0-20210423173126-13fb8ac89420	1.13.1, 1.11.7, 1.11.7	https://avd.aquasec.com/nvd/cve-2022-23635
CVE-2020-8558	k8s.io/kubernetes	HIGH	v1.18.2	1.16.11, 1.17.7, 1.18.4	https://avd.aquasec.com/nvd/cve-2020-8558
CVE-2021-25741	k8s.io/kubernetes	HIGH	v1.18.2	1.19.15, 1.20.11, 1.21.5, 1.22.2	https://avd.aquasec.com/nvd/cve-2021-25741
CVE-2022-3294	k8s.io/kubernetes	HIGH	v1.18.2	1.22.16, 1.23.14, 1.24.8, 1.25.4	https://avd.aquasec.com/nvd/cve-2022-3294

Gloo Portal gloo-portal-admin-envoy image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-envoy:1.0.0 (ubuntu 16.04)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-1971	libssl1.0.0	HIGH	1.0.2g-1ubuntu4.15	1.0.2g-1ubuntu4.18	https://avd.aquasec.com/nvd/cve-2020-1971
CVE-2020-1971	openssl	HIGH	1.0.2g-1ubuntu4.15	1.0.2g-1ubuntu4.18	https://avd.aquasec.com/nvd/cve-2020-1971

Gloo Portal gloo-portal-admin-server image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-server:1.0.0 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-36159	apk-tools	CRITICAL	2.12.5-r0	2.12.6-r0	https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-42378	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-3711	libcrypto1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3711	libssl1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libssl1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libssl1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-42378	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r6	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r6	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r6	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032

Vulnerabilities Listed for Node.js

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-3807	ansi-regex	HIGH	3.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	4.1.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2021-3807	ansi-regex	HIGH	5.0.0	3.0.1, 4.1.1, 5.0.1, 6.0.1	https://avd.aquasec.com/nvd/cve-2021-3807
CVE-2022-38900	decode-uri-component	HIGH	0.2.0	0.2.1	https://avd.aquasec.com/nvd/cve-2022-38900
CVE-2022-25881	http-cache-semantics	HIGH	3.8.1	4.1.1	https://avd.aquasec.com/nvd/cve-2022-25881
CVE-2021-3918	json-schema	CRITICAL	0.2.3	0.4.0	https://avd.aquasec.com/nvd/cve-2021-3918
CVE-2022-3517	minimatch	HIGH	3.0.4	3.0.5	https://avd.aquasec.com/nvd/cve-2022-3517
CVE-2021-44906	minimist	CRITICAL	1.2.5	0.2.4, 1.2.6	https://avd.aquasec.com/nvd/cve-2021-44906
CVE-2022-24999	qs	HIGH	6.5.2	6.2.4, 6.3.3, 6.4.1, 6.5.3, 6.6.1, 6.7.3, 6.8.3, 6.9.7, 6.10.3	https://avd.aquasec.com/nvd/cve-2022-24999
CVE-2021-27290	ssri	HIGH	6.0.1	8.0.1, 7.1.1, 6.0.2	https://avd.aquasec.com/nvd/cve-2021-27290
CVE-2021-32803	tar	HIGH	4.4.13	6.1.2, 5.0.7, 4.4.15, 3.2.3	https://avd.aquasec.com/nvd/cve-2021-32803
CVE-2021-32804	tar	HIGH	4.4.13	6.1.1, 5.0.6, 4.4.14, 3.2.2	https://avd.aquasec.com/nvd/cve-2021-32804
CVE-2021-37701	tar	HIGH	4.4.13	6.1.7, 5.0.8, 4.4.16	https://avd.aquasec.com/nvd/cve-2021-37701
CVE-2021-37712	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37712
CVE-2021-37713	tar	HIGH	4.4.13	6.1.9, 5.0.10, 4.4.18	https://avd.aquasec.com/nvd/cve-2021-37713
CVE-2020-7774	y18n	HIGH	4.0.0	5.0.5, 4.0.1, 3.2.2	https://avd.aquasec.com/nvd/cve-2020-7774

Vulnerabilities Listed for usr/local/bin/adminserver

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2020-26160	github.com/dgrijalva/jwt-go	HIGH	v3.2.0+incompatible		https://avd.aquasec.com/nvd/cve-2020-26160
CVE-2022-28946	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.40.0	https://avd.aquasec.com/nvd/cve-2022-28946
CVE-2022-33082	github.com/open-policy-agent/opa	HIGH	v0.29.4	0.42.0	https://avd.aquasec.com/nvd/cve-2022-33082
CVE-2022-21698	github.com/prometheus/client_golang	HIGH	v1.10.0	1.11.1	https://avd.aquasec.com/nvd/cve-2022-21698
CVE-2021-43565	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20211202192323-5770296d904e	https://avd.aquasec.com/nvd/cve-2021-43565
CVE-2022-27191	golang.org/x/crypto	HIGH	v0.0.0-20210513164829-c07d793c2f9a	0.0.0-20220314234659-1baeb1ce4c0b	https://avd.aquasec.com/nvd/cve-2022-27191
CVE-2021-33194	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20210520170846-37e1c6afe023	https://avd.aquasec.com/nvd/cve-2021-33194
CVE-2021-44716	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20211209124913-491a49abca63	https://avd.aquasec.com/nvd/cve-2021-44716
CVE-2022-27664	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.0.0-20220906165146-f3363e06e74c	https://avd.aquasec.com/nvd/cve-2022-27664
CVE-2022-41723	golang.org/x/net	HIGH	v0.0.0-20210405180319-a5a99cb37ef4	0.7.0	https://avd.aquasec.com/nvd/cve-2022-41723
CVE-2021-38561	golang.org/x/text	HIGH	v0.3.5	0.3.7	https://avd.aquasec.com/nvd/cve-2021-38561
CVE-2022-32149	golang.org/x/text	HIGH	v0.3.5	0.3.8	https://avd.aquasec.com/nvd/cve-2022-32149
CVE-2022-28948	gopkg.in/yaml.v3	HIGH	v3.0.0-20200615113413-eeeca48fe776	3.0.0-20220521103104-8f96da9f5d5e	https://avd.aquasec.com/nvd/cve-2022-28948

Gloo Portal gloo-portal-admin-ui image

Vulnerabilities Listed for gcr.io/gloo-portal/gloo-portal-admin-ui:1.0.0 (alpine 3.13.4)

Vulnerability ID	Package	Severity	Installed Version	Fixed Version	Reference
CVE-2021-36159	apk-tools	CRITICAL	2.12.4-r0	2.12.6-r0	https://avd.aquasec.com/nvd/cve-2021-36159
CVE-2021-30139	apk-tools	HIGH	2.12.4-r0	2.12.5-r0	https://avd.aquasec.com/nvd/cve-2021-30139
CVE-2021-42378	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	busybox	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	busybox	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	busybox	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2021-22945	curl	CRITICAL	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	curl	CRITICAL	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901	curl	HIGH	7.74.0-r1	7.77.0-r0	https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946	curl	HIGH	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	curl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	curl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	curl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	curl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2022-27404	freetype	CRITICAL	2.10.4-r1	2.10.4-r2	https://avd.aquasec.com/nvd/cve-2022-27404
CVE-2022-27405	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27405
CVE-2022-27406	freetype	HIGH	2.10.4-r1	2.10.4-r3	https://avd.aquasec.com/nvd/cve-2022-27406
CVE-2021-3711	libcrypto1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libcrypto1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-22945	libcurl	CRITICAL	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22945
CVE-2022-32207	libcurl	CRITICAL	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-32207
CVE-2021-22901	libcurl	HIGH	7.74.0-r1	7.77.0-r0	https://avd.aquasec.com/nvd/cve-2021-22901
CVE-2021-22946	libcurl	HIGH	7.74.0-r1	7.79.0-r0	https://avd.aquasec.com/nvd/cve-2021-22946
CVE-2022-22576	libcurl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-22576
CVE-2022-27775	libcurl	HIGH	7.74.0-r1	7.79.1-r1	https://avd.aquasec.com/nvd/cve-2022-27775
CVE-2022-27781	libcurl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27781
CVE-2022-27782	libcurl	HIGH	7.74.0-r1	7.79.1-r2	https://avd.aquasec.com/nvd/cve-2022-27782
CVE-2021-33560	libgcrypt	HIGH	1.8.7-r0	1.8.8-r0	https://avd.aquasec.com/nvd/cve-2021-33560
CVE-2021-3711	libssl1.1	CRITICAL	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3711
CVE-2021-3712	libssl1.1	HIGH	1.1.1k-r0	1.1.1l-r0	https://avd.aquasec.com/nvd/cve-2021-3712
CVE-2022-0778	libssl1.1	HIGH	1.1.1k-r0	1.1.1n-r0	https://avd.aquasec.com/nvd/cve-2022-0778
CVE-2021-3517	libxml2	HIGH	2.9.10-r6	2.9.10-r7	https://avd.aquasec.com/nvd/cve-2021-3517
CVE-2021-3518	libxml2	HIGH	2.9.10-r6	2.9.10-r7	https://avd.aquasec.com/nvd/cve-2021-3518
CVE-2022-2309	libxml2	HIGH	2.9.10-r6	2.9.14-r1	https://avd.aquasec.com/nvd/cve-2022-2309
CVE-2022-23308	libxml2	HIGH	2.9.10-r6	2.9.13-r0	https://avd.aquasec.com/nvd/cve-2022-23308
CVE-2022-40303	libxml2	HIGH	2.9.10-r6	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40303
CVE-2022-40304	libxml2	HIGH	2.9.10-r6	2.9.14-r2	https://avd.aquasec.com/nvd/cve-2022-40304
CVE-2021-30560	libxslt	HIGH	1.1.34-r0	1.1.35-r0	https://avd.aquasec.com/nvd/cve-2021-30560
CVE-2022-29458	ncurses-libs	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2022-29458	ncurses-terminfo-base	HIGH	6.2_p20210109-r0	6.2_p20210109-r1	https://avd.aquasec.com/nvd/cve-2022-29458
CVE-2021-42378	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42378
CVE-2021-42379	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42379
CVE-2021-42380	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42380
CVE-2021-42381	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42381
CVE-2021-42382	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42382
CVE-2021-42383	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42383
CVE-2021-42384	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42384
CVE-2021-42385	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42385
CVE-2021-42386	ssl_client	HIGH	1.32.1-r5	1.32.1-r7	https://avd.aquasec.com/nvd/cve-2021-42386
CVE-2022-28391	ssl_client	HIGH	1.32.1-r5	1.32.1-r8	https://avd.aquasec.com/nvd/cve-2022-28391
CVE-2022-30065	ssl_client	HIGH	1.32.1-r5	1.32.1-r9	https://avd.aquasec.com/nvd/cve-2022-30065
CVE-2022-1271	xz-libs	HIGH	5.2.5-r0	5.2.5-r1	https://avd.aquasec.com/nvd/cve-2022-1271
CVE-2022-37434	zlib	CRITICAL	1.2.11-r3	1.2.12-r2	https://avd.aquasec.com/nvd/cve-2022-37434
CVE-2018-25032	zlib	HIGH	1.2.11-r3	1.2.12-r0	https://avd.aquasec.com/nvd/cve-2018-25032