SYM_PY_0172 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Incorrect Type Conversion or Cast
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-704: Incorrect Type Conversion or Cast |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
User input is being passed directly into float(), bool(), or complex() typecasts without validation. This lets an attacker supply 'nan', causing unpredictable behavior in comparisons or calculations.
Impact
If exploited, attackers can inject NaN values that break sorting, min/max functions, and logical checks. This can potentially bypass security logic, corrupt data processing, or cause application errors that may lead to further vulnerabilities or system instability.
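The following added example (not part of the Symbiotic rule or its database) shows the flagged pattern beside a hardened parser and how NaN slips past a limit check and skews `max()`. The names `LIMIT`, `parse_amount_unsafe`, `parse_amount_safe`, `over_limit` and `is_allowed` are hypothetical, and the inputs are constructed.

```python
import math

LIMIT = 1000.0  # constructed policy limit, assumption for this example


def parse_amount_unsafe(raw: str) -> float:
    # Flagged pattern: user input goes straight into float().
    return float(raw)


def parse_amount_safe(raw: str) -> float:
    # Hardened form: reject NaN and +/-Infinity before the value is used.
    value = float(raw)
    if not math.isfinite(value):
        raise ValueError(f"non-finite number rejected: {raw!r}")
    return value


def over_limit(amount: float) -> bool:
    # Every ordered comparison with NaN is False, so NaN is never "over".
    return amount > LIMIT


def is_allowed(raw: str, parser) -> bool:
    # Unparseable or rejected input is denied; otherwise apply the limit.
    try:
        amount = parser(raw)
    except ValueError:
        return False
    return not over_limit(amount)


def demo() -> dict:
    nan = parse_amount_unsafe("nan")
    return {
        "nan_equals_itself": nan == nan,
        "unsafe_allows_nan": is_allowed("nan", parse_amount_unsafe),
        "safe_allows_nan": is_allowed("nan", parse_amount_safe),
        "safe_allows_500": is_allowed("500", parse_amount_safe),
        # max() depends on where NaN sits in the input sequence.
        "max_nan_first": max([nan, 1.0, 2.0]),
        "max_nan_last": max([1.0, 2.0, nan]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

`math.isfinite` also rejects `inf` and `-inf`, which `float()` accepts in the same way as `nan`.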