Incorrect Type Conversion or Cast
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-704: Incorrect Type Conversion or Cast |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
User input is being directly converted to types like float(), bool(), or complex() without validation. This lets attackers submit ‘NaN’ (not-a-number) values that Python accepts, which can cause unexpected or incorrect behavior in your code.
Impact
If exploited, attackers can manipulate application logic—such as bypassing authentication checks or causing errors in sorting, comparison, or calculations—leading to data corruption, security bypasses, or unpredictable app behavior.
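The pattern described above, shown beside a hardened form. This is an added example, not code from the original rule page; the transfer-limit scenario, `LIMIT`, and all function names are hypothetical.

```python
import math

LIMIT = 1000.0  # hypothetical per-request limit (assumption for illustration)


def check_transfer_unsafe(raw: str) -> bool:
    """Flagged pattern: float() on raw input, then range checks."""
    amount = float(raw)   # accepts "nan", "NaN", " nan ", "inf", "-inf"
    if amount > LIMIT:    # every ordered comparison against NaN is False
        return False
    if amount <= 0:       # also False for NaN
        return False
    return True           # NaN falls through both rejections


def parse_amount(raw: str) -> float:
    """Hardened conversion: reject anything that is not a finite number."""
    try:
        amount = float(raw)
    except (TypeError, ValueError):
        raise ValueError("amount is not a number") from None
    if not math.isfinite(amount):  # rejects NaN, +inf and -inf
        raise ValueError("amount must be finite")
    return amount


def check_transfer_safe(raw: str) -> bool:
    """Validate first, then express the range as a positive (allow) test."""
    try:
        amount = parse_amount(raw)
    except ValueError:
        return False
    return 0 < amount <= LIMIT


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real request.
    for raw in ["250.00", "5000", "NaN", "inf", "abc"]:
        try:
            unsafe = check_transfer_unsafe(raw)
        except ValueError:
            unsafe = "ValueError"
        print(f"{raw!r:>9}  unsafe={unsafe}  safe={check_transfer_safe(raw)}")
```

For `complex()` input the equivalent finiteness check is `cmath.isfinite`.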