Align Java CommandInjectionRuntimeExec.ql Severity

JLLeitschuh · web-flow · commit 472cca9221c0 · 2024-06-21T10:29:27.000-04:00
Align severity with other command injection vulnerabilities: - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql#L8 - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/go/ql/src/Security/CWE-078/CommandInjection.ql#L7 - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql#L7 - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/javascript/ql/src/Security/CWE-078/CommandInjection.ql#L7
diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql
@@ -3,7 +3,7 @@
  * @description High sensitvity and precision version of java/command-line-injection, designed to find more cases of command injection in rare cases that the default query does not find
  * @kind path-problem
  * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 9.8
  * @precision high
  * @id java/command-line-injection-extra
  * @tags security
