Merge pull request #16808 from JLLeitschuh/patch-8

aschackmull · web-flow · commit 3a9610795b05 · 2024-08-16T15:14:48.000+02:00
Align Java CommandInjectionRuntimeExec.ql Severity
diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql
@@ -3,7 +3,7 @@
  * @description High sensitvity and precision version of java/command-line-injection, designed to find more cases of command injection in rare cases that the default query does not find
  * @kind path-problem
  * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 9.8
  * @precision high
  * @id java/command-line-injection-extra
  * @tags security
