github · aschackmull · Mar 31, 2022 · Mar 14, 2022
@@ -4,6 +4,7 @@
  *              object and to execution of arbitrary code.
  * @kind path-problem
  * @problem.severity error
+ * @security-severity 9.8
  * @precision high
  * @id java/jndi-injection
  * @tags security

@@ -4,6 +4,7 @@
  *              information disclosure or execution of arbitrary code.
  * @kind path-problem
  * @problem.severity error
+ * @security-severity 9.8
  * @precision high
  * @id java/xslt-injection
  * @tags security

@@ -4,6 +4,7 @@
  *              may lead to arbitrary code execution.
  * @kind path-problem
  * @problem.severity error
+ * @security-severity 9.3
  * @precision high
  * @id java/groovy-injection
  * @tags security

@@ -4,6 +4,7 @@
  *              may lead to remote code execution.
  * @kind path-problem
  * @problem.severity error
+ * @security-severity 9.3
  * @precision high
  * @id java/mvel-expression-injection
  * @tags security

@@ -4,6 +4,7 @@
  *              may lead to remote code execution.
  * @kind path-problem
  * @problem.severity error
+ * @security-severity 9.3
  * @precision high
  * @id java/spel-expression-injection
  * @tags security

@@ -3,6 +3,7 @@
  * @description Writing information without explicit permissions to a shared temporary directory may disclose it to other users.
  * @kind path-problem
  * @problem.severity warning
+ * @security-severity 6.5
  * @precision medium
  * @id java/local-temp-file-or-directory-information-disclosure
  * @tags security

@@ -5,6 +5,7 @@
  *              the app vulnerable to man-in-the-middle attacks.
  * @kind problem
  * @problem.severity warning
+ * @security-severity 9.8
  * @precision medium
  * @id java/unsafe-cert-trust
  * @tags security

@@ -5,6 +5,7 @@
  *              privileges or unexpected exposure from chained vulnerabilities.
  * @kind problem
  * @problem.severity warning
+ * @security-severity 7.5
  * @precision medium
  * @id java/android/cleartext-storage-database
  * @tags security

@@ -5,6 +5,7 @@
  *              from chained vulnerabilities.
  * @kind problem
  * @problem.severity warning
+ * @security-severity 7.5
  * @precision medium
  * @id java/android/cleartext-storage-filesystem
  * @tags security

@@ -5,6 +5,7 @@
  *              privileges or unexpected exposure from chained vulnerabilities.
  * @kind problem
  * @problem.severity warning
+ * @security-severity 7.5
  * @precision medium
  * @id java/android/cleartext-storage-shared-prefs
  * @tags security

@@ -6,6 +6,7 @@
  *              the data vulnerable to packet sniffing.
  * @kind path-problem
  * @problem.severity warning
+ * @security-severity 8.8
  * @precision medium
  * @id java/insecure-basic-auth
  * @tags security

@@ -4,6 +4,7 @@
  *              application files and web resources from any origin exposing them to attack.
  * @kind path-problem
  * @problem.severity warning
+ * @security-severity 6.1
  * @precision medium
  * @id java/android/unsafe-android-webview-fetch
  * @tags security

@@ -4,6 +4,7 @@
  *                lead to execution of arbitrary code.
  * @kind path-problem
  * @problem.severity error
+ * @security-severity 9.8
  * @precision high
  * @id java/ognl-injection
  * @tags security

@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Added the `security-severity` tag to several queries.