Incorrect Type Conversion or Cast
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-704: Incorrect Type Conversion or Cast |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
User input is passed directly into a float(), bool(), or complex() typecast without validation. This lets an attacker supply 'nan', which causes unpredictable behavior in comparisons and calculations.
Impact
If exploited, attackers can inject NaN values that break sorting, min/max functions, and logical checks, potentially bypassing security logic, corrupting data processing, or causing application errors that may lead to further vulnerabilities or system instability.
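The flagged pattern next to a hardened form, as an added example that is not part of the original rule page. The function names, the 0 to 100 limit and the sample inputs are assumptions made for illustration.

```python
import math

def parse_amount_unsafe(raw: str) -> float:
    # Flagged pattern: request text goes straight into float().
    # float() accepts "nan", " NaN ", "-nan", "inf", and "1e999" (overflows to inf).
    return float(raw)

def within_limit_unsafe(raw: str, limit: float = 100.0) -> bool:
    # Written as "reject if over the limit". Every ordered comparison with
    # NaN is False, so NaN is never rejected and falls through to True.
    amount = parse_amount_unsafe(raw)
    if amount > limit:
        return False
    return True

def parse_amount_safe(raw: str, lo: float = 0.0, hi: float = 100.0) -> float:
    # Hardened form: check the converted value, not the spelling of the input,
    # so every capitalization and sign variant of NaN/inf is caught.
    try:
        value = float(raw)
    except (TypeError, ValueError):
        raise ValueError("not a number") from None
    if not math.isfinite(value):
        raise ValueError("non-finite value rejected")
    if not (lo <= value <= hi):
        raise ValueError("out of range")
    return value

def within_limit_safe(raw: str, limit: float = 100.0) -> bool:
    try:
        parse_amount_safe(raw, 0.0, limit)
        return True
    except ValueError:
        return False

def min_order_demo() -> tuple:
    # min()/max() results depend on argument order once a NaN is present.
    nan = float("nan")
    return min(nan, 1.0), min(1.0, nan)

# Constructed sample inputs standing in for user-supplied strings.
SAMPLES = ["42", "nan", " NaN ", "-nan", "inf", "1e999", "250"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:10} unsafe={within_limit_unsafe(s)} safe={within_limit_safe(s)}")
    print("min order:", min_order_demo())
```

Checking with math.isfinite() after conversion avoids maintaining a list of string spellings to block.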