Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Alert: 1.16.22 #10431

Closed
soloio-bot opened this issue Dec 3, 2024 · 3 comments
Closed

Security Alert: 1.16.22 #10431

soloio-bot opened this issue Dec 3, 2024 · 3 comments
Assignees
@davidjumani
Labels
trivy vulnerability

Comments

@soloio-bot
Copy link

soloio-bot commented Dec 3, 2024
edited
Loading

quay.io/solo-io/access-logger:1.16.22

No Vulnerabilities Found for quay.io/solo-io/access-logger:1.16.22 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/access-logger

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.17.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337

quay.io/solo-io/certgen:1.16.22

No Vulnerabilities Found for quay.io/solo-io/certgen:1.16.22 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/certgen

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.17.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337

quay.io/solo-io/discovery:1.16.22

No Vulnerabilities Found for quay.io/solo-io/discovery:1.16.22 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/discovery

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-36621 github.com/moby/moby HIGH v24.0.7+incompatible 26.0.0 https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623 github.com/moby/moby HIGH v24.0.7+incompatible 26.0.0 https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.17.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337

quay.io/solo-io/gloo:1.16.22

No Vulnerabilities Found for quay.io/solo-io/gloo:1.16.22 (ubuntu 20.04)

Vulnerabilities Listed for usr/local/bin/gloo

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-36621 github.com/moby/moby HIGH v24.0.7+incompatible 26.0.0 https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623 github.com/moby/moby HIGH v24.0.7+incompatible 26.0.0 https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.17.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337

quay.io/solo-io/gloo-envoy-wrapper:1.16.22

No Vulnerabilities Found for quay.io/solo-io/gloo-envoy-wrapper:1.16.22

quay.io/solo-io/ingress:1.16.22

No Vulnerabilities Found for quay.io/solo-io/ingress:1.16.22 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/ingress

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-36621 github.com/moby/moby HIGH v24.0.7+incompatible 26.0.0 https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623 github.com/moby/moby HIGH v24.0.7+incompatible 26.0.0 https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.17.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337

quay.io/solo-io/kubectl:1.16.22

No Vulnerabilities Found for quay.io/solo-io/kubectl:1.16.22

quay.io/solo-io/sds:1.16.22

No Vulnerabilities Found for quay.io/solo-io/sds:1.16.22 (alpine 3.17.6)

Vulnerabilities Listed for usr/local/bin/sds

Vulnerability ID Package Severity Installed Version Fixed Version Reference
CVE-2024-36621 github.com/moby/moby HIGH v24.0.7+incompatible 26.0.0 https://avd.aquasec.com/nvd/cve-2024-36621
CVE-2024-36623 github.com/moby/moby HIGH v24.0.7+incompatible 26.0.0 https://avd.aquasec.com/nvd/cve-2024-36623
CVE-2024-45337 golang.org/x/crypto CRITICAL v0.17.0 0.31.0 https://avd.aquasec.com/nvd/cve-2024-45337
This was referenced Dec 12, 2024
Closed
Closed
Merged
@ashishb-solo
Copy link

Fixed in https://github.com/solo-io/gloo/releases/tag/v1.16.23

@ashishb-solo
Copy link

ashishb-solo commented Dec 19, 2024
edited
Loading

Closed in error. The crypto vulnerability is fixed. the moby one is still not yet :-(

Image

@ashishb-solo ashishb-solo reopened this Dec 19, 2024
@sam-heilbron
Copy link

This has been released. As a result, future CVEs are tracked in the 1.16.23 issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@davidjumani davidjumani

Labels
trivy vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sam-heilbron @davidjumani @soloio-bot @ashishb-solo