CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
Description
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (269)
Page 13 of 14

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-23509 | 0.00 | — | 0.02 | Nov 3, 2021 | This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays. |
| CVE-2021-23807 | 0.00 | — | 0.03 | Nov 3, 2021 | This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays. |
| CVE-2021-23624 | 0.00 | — | 0.01 | Nov 3, 2021 | This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays. |
| CVE-2021-23820 | 0.00 | — | 0.02 | Nov 3, 2021 | This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays. |
| CVE-2021-23447 | 0.00 | — | 0.01 | Oct 7, 2021 | This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string). |
| CVE-2021-23444 | 0.00 | — | 0.02 | Sep 21, 2021 | This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function. |
| CVE-2021-23443 | 0.00 | — | 0.01 | Sep 21, 2021 | This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used. |
| CVE-2021-39219 | 0.00 | — | 0.00 | Sep 17, 2021 | Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use… |
| CVE-2021-23440 | 0.00 | — | 0.02 | Sep 12, 2021 | This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays. |
| CVE-2021-23438 | 0.00 | — | 0.02 | Sep 1, 2021 | This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if… |
| CVE-2021-23436 | 0.00 | — | 0.02 | Sep 1, 2021 | This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === "__proto__" \|\| p ===… |
| CVE-2021-23434 | 0.00 | — | 0.02 | Aug 27, 2021 | This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is… |
| CVE-2020-36460 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type. |
| CVE-2021-32696 | 0.00 | — | 0.01 | Jun 18, 2021 | The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can… |
| CVE-2021-29519 | 0.00 | — | 0.00 | May 14, 2021 | TensorFlow is an end-to-end open source platform for machine learning. The API of `tf.raw_ops.SparseCross` allows combinations which would result in a `CHECK`-failure and denial of service. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3d782b7d4… |
| CVE-2019-25010 | 0.00 | — | 0.01 | Dec 31, 2020 | An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden. |
| CVE-2020-25575 | 0.00 | — | 0.03 | Sep 14, 2020 | An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.… |
| CVE-2020-1911 | 0.00 | — | 0.02 | Sep 4, 2020 | A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note… |
| CVE-2020-25016 | 0.00 | — | 0.02 | Aug 29, 2020 | A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations. |
| CVE-2019-5815 | 0.00 | — | 0.02 | Dec 11, 2019 | Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. |