mutated × unstructured — blows up live on input you didn't expect
Type Confusion / Bad Coercion
State mutated to a new type that the next reader does not expect.
01 the recipe
In the wild
compound of
this Mutation: CWE-471 MAID (Modification of Immutable Data)
Type Errors in Dynamic Languages: CWE-704 Bad Cast
compound: CWE-843 Type Confusion
example.js
// SMELL: a field mutated to a different type than the next line assumes.
// (this mutation x type errors)
class Cart {
  constructor() { this.total = 0; }          // number
  applyCoupon(code) { this.total = code; }   // oops: now a string
}
const c = new Cart();
c.applyCoupon("SAVE10");
c.total.toFixed(2); // TypeError: c.total.toFixed is not a function

// RIGHT: keep the field's type stable; parse input into the right shape.
// lookup(code) stands for whatever resolves a coupon code to a discount.
class StableCart {
  constructor() { this.total = 0; }
  applyCoupon(code) { this.discount = lookup(code); } // total stays a number
}

Mutating this.total to a string keeps the program running until something treats it as a number. The type drift and the crash are in different methods.
// observed
confused: total is a string; .toFixed is not a function
stable: total stays numeric
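An added example, not part of the original page: one way to make the type drift fail at the write that causes it instead of in a later reader. `GuardedCart`, `COUPONS` and the body of `lookup` are assumptions, and the coupon table is constructed sample data.

```javascript
// Added example. COUPONS is constructed sample data; all names are assumptions.
const COUPONS = new Map([["SAVE10", 0.10], ["HALF", 0.50]]);

// Parse untrusted input into the one shape the rest of the code expects.
function lookup(code) {
  if (typeof code !== "string") throw new TypeError("coupon code must be a string");
  const rate = COUPONS.get(code.trim().toUpperCase());
  if (rate === undefined) throw new RangeError("unknown coupon: " + code);
  return rate; // always a number
}

class GuardedCart {
  #total = 0; // private: the setter below is the only write path
  discount = 0;

  get total() { return this.#total; }
  set total(value) {
    // Reject type drift at the write site, not in a later reader.
    if (typeof value !== "number" || !Number.isFinite(value) || value < 0) {
      throw new TypeError("total must be a finite number >= 0, got " + typeof value);
    }
    this.#total = value;
  }

  add(price) { this.total = this.total + price; } // "5" would coerce to "405"
  applyCoupon(code) { this.discount = lookup(code); } // total stays a number
  payable() { return (this.total * (1 - this.discount)).toFixed(2); }
}

// Runs one good path and three bad writes; returns what happened.
function demo() {
  const cart = new GuardedCart();
  cart.add(40);
  cart.applyCoupon("save10");
  const result = { payable: cart.payable(), errors: [] };
  const badWrites = [
    () => { cart.total = "SAVE10"; },  // the page's bug
    () => cart.applyCoupon("BOGUS"),   // unknown code
    () => cart.add("5"),               // + coerces number to string
  ];
  for (const write of badWrites) {
    try { write(); } catch (e) { result.errors.push(e.constructor.name); }
  }
  result.totalAfter = cart.total;
  return result;
}

console.log(demo());
```

Each bad write throws in the method that performs it, so the stack trace points at the mutation and `total` is still the number 40 afterwards.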
02 weakness catalog
Mapped weaknesses (CWE)
On its own, this defect is catalogued by MITRE as one or more of these weaknesses. The exploitable vulnerability usually appears only when it chains or combines with another.