Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2021-23434

Access of Resource Using Incompatible Type ('Type Confusion')

Published: Aug 27, 2021 | Modified: Nov 21, 2024
CVSS 3.x
8.6
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
8.6 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2021-23434
CWEhttps://cwe.mitre.org/data/definitions/843.html

This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === proto returns false if currentPath is [proto]. This is because the === operator returns always false when the type of the operands is different.

Weakness

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Affected Software

NameVendorStart VersionEnd Version
Object-pathObject-path_project*0.11.6 (excluding)
Red Hat Advanced Cluster Management for Kubernetes 2RedHatacmesolver-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatacm-must-gather-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatacm-operator-bundle-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatapplication-ui-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcainjector-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcert-manager-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcert-manager-webhook-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcert-policy-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatclusterlifecycle-state-metrics-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconfigmap-watcher-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconfig-policy-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconsole-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconsole-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconsole-header-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatendpoint-component-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatendpoint-monitoring-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatendpoint-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-propagator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-spec-sync-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-status-sync-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-template-sync-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgrafana-dashboard-loader-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgrc-ui-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgrc-ui-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatiam-policy-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatklusterlet-addon-lease-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatklusterlet-operator-bundle-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatkui-web-terminal-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmanagement-ingress-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmcm-topology-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmcm-topology-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmemcached-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmemcached-exporter-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmetrics-collector-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticloud-manager-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticlusterhub-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticlusterhub-repo-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-observability-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-application-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-channel-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-deployable-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-placementrule-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-subscription-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-subscription-release-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatobservatorium-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatobservatorium-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatopenshift-hive-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatrbac-query-proxy-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatrcm-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatredisgraph-tls-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatregistration-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatregistration-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-aggregator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-collector-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-ui-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsubmariner-addon-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatthanos-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatthanos-receive-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatwork-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatacmesolver-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatacm-must-gather-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatacm-operator-bundle-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatapplication-ui-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcainjector-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcert-manager-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcert-manager-webhook-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatcert-policy-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatclusterlifecycle-state-metrics-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconfigmap-watcher-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconfig-policy-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconsole-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconsole-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatconsole-header-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatendpoint-component-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatendpoint-monitoring-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatendpoint-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-propagator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-spec-sync-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-status-sync-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgovernance-policy-template-sync-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgrafana-dashboard-loader-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgrc-ui-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatgrc-ui-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatiam-policy-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatklusterlet-addon-lease-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatklusterlet-operator-bundle-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatkui-web-terminal-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmanagement-ingress-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmcm-topology-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmcm-topology-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmemcached-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmemcached-exporter-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmetrics-collector-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticloud-manager-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticlusterhub-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticlusterhub-repo-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-observability-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-application-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-channel-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-deployable-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-placementrule-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-subscription-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatmulticluster-operators-subscription-release-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatobservatorium-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatobservatorium-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatopenshift-hive-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatrbac-query-proxy-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatrcm-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatredisgraph-tls-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatregistration-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatregistration-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-aggregator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-api-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-collector-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-operator-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsearch-ui-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatsubmariner-addon-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatthanos-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatthanos-receive-controller-container*
Red Hat Advanced Cluster Management for Kubernetes 2RedHatwork-container*
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8RedHatrhacm2/console-api-rhel8:v2.3.3-6*
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8RedHatrhacm2/grc-ui-api-rhel8:v2.3.3-5*
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8RedHatrhacm2/search-ui-rhel8:v2.3.3-7*
Node-object-pathUbuntubionic*
Node-object-pathUbuntuesm-apps/bionic*
Node-object-pathUbuntuesm-apps/focal*
Node-object-pathUbuntufocal*
Node-object-pathUbuntuhirsute*
Node-object-pathUbuntuimpish*
Node-object-pathUbuntulunar*
Node-object-pathUbuntumantic*
Node-object-pathUbuntuoracular*
Node-object-pathUbuntuplucky*
Node-object-pathUbuntutrusty*
Node-object-pathUbuntuxenial*

Extended Description

When the product accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access. While this weakness is frequently associated with unions when parsing data with many different embedded object types in C, it can be present in any application that can interpret the same variable or memory location in multiple ways. This weakness is not unique to C and C++. For example, errors in PHP applications can be triggered by providing array parameters when scalars are expected, or vice versa. Languages such as Perl, which perform automatic conversion of a variable of one type when it is accessed as if it were another type, can also contain these issues.

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use