SYM_PY_0144 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Incorrect Type Conversion or Cast
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-704: Incorrect Type Conversion or Cast |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
User input is being directly converted to types like float(), bool(), or complex() without validation. This lets attackers submit 'NaN' (not-a-number) values that Python accepts, which can cause unexpected or incorrect behavior in your code.
Impact
If exploited, attackers can manipulate application logic—such as bypassing authentication checks or causing errors in sorting, comparison, or calculations—leading to data corruption, security bypasses, or unpredictable app behavior.
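
The logic bypass described above, shown as an added example (not code from this wiki or from the rule itself). The withdrawal scenario, the function names and the sample inputs are hypothetical and constructed for illustration. It puts the flagged direct cast beside a hardened parser that rejects non-finite values before any comparison runs.

```python
import math

# Constructed sample inputs standing in for untrusted request parameters.
SAMPLE_INPUTS = ["25.50", "-1", "1e999", "nan", "NaN", " -inf "]


def parse_amount_unsafe(raw: str) -> float:
    """Pattern the rule flags: user input cast directly with float()."""
    return float(raw)


def parse_amount_safe(raw: str) -> float:
    """Hardened form: cast, then reject NaN and +/-infinity."""
    try:
        value = float(raw)
    except (TypeError, ValueError):
        raise ValueError("amount is not a number") from None
    if not math.isfinite(value):
        raise ValueError("amount must be a finite number")
    return value


def withdrawal_allowed(amount: float, balance: float) -> bool:
    """Range check written as rejections. Every comparison with NaN is
    False, so a NaN amount falls through both guards (hypothetical logic)."""
    if amount <= 0:
        return False
    if amount > balance:
        return False
    return True


def evaluate(raw: str, balance: float = 100.0) -> dict:
    """Run one input through both parsers and report the decision."""
    unsafe = withdrawal_allowed(parse_amount_unsafe(raw), balance)
    try:
        safe = withdrawal_allowed(parse_amount_safe(raw), balance)
    except ValueError:
        safe = False  # hardened parser refused the input outright
    return {"input": raw, "unsafe_allows": unsafe, "safe_allows": safe}


if __name__ == "__main__":
    for raw in SAMPLE_INPUTS:
        print(evaluate(raw))
```

Writing the check as an allow-list condition (`0 < amount <= balance`) would also fail closed on NaN, but validating at the parsing boundary keeps NaN out of later sorting, comparison and arithmetic as well.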