Commit 538a5af

authored
Merge pull request #19738 from owen-mc/pr/felickz/19530
Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages (#2)
2 parents d667f7d + 0135cf6 commit 538a5af

File tree: 6 files changed, +15 -3 lines changed

csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql

Lines changed: 1 addition & 1 deletion
Original line | Diff line | Change
@@ -4,7 +4,7 @@
44
* and cause a denial of service.
55
* @kind path-problem
66
* @problem.severity error
7-
* @security-severity 9.3
7+
* @security-severity 7.3
88
* @precision high
99
* @id cs/uncontrolled-format-string
1010
* @tags security
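Review bot: the new `@security-severity 7.3` value is not accompanied by the CVSS vector it was derived from; since the commit message frames this as a CVSS score for memory-safe languages, please record that vector (in the PR description or the change note) so the 9.3 to 7.3 change can be reproduced and kept in sync with the Java and Swift queries, whose hunks set the same value. The surrounding metadata (`@problem.severity error`, `@precision high`) is unchanged, which is consistent with adjusting only the score.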
Lines changed: 4 additions & 0 deletions
Original line | Diff line | Change
@@ -0,0 +1,4 @@
1+
---
2+
category: queryMetadata
3+
---
4+
* Adjusts the `@security-severity` from 9.3 to 7.3 for `cs/uncontrolled-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.
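Review bot: the change-note sentence "to align `CWE-134` severity for memory safe languages to better reflect their impact" stacks two "to" clauses and reads awkwardly; suggest "to align the `CWE-134` severity for memory-safe languages with their actual impact". The same sentence is repeated verbatim in the Java and Swift change notes, so all three should be reworded together.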

java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql

Lines changed: 1 addition & 1 deletion
Original line | Diff line | Change
@@ -3,7 +3,7 @@
33
* @description Using external input in format strings can lead to exceptions or information leaks.
44
* @kind path-problem
55
* @problem.severity error
6-
* @security-severity 9.3
6+
* @security-severity 7.3
77
* @precision high
88
* @id java/tainted-format-string
99
* @tags security
Lines changed: 4 additions & 0 deletions
Original line | Diff line | Change
@@ -0,0 +1,4 @@
1+
---
2+
category: queryMetadata
3+
---
4+
* Adjusts the `@security-severity` from 9.3 to 7.3 for `java/tainted-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.
Lines changed: 4 additions & 0 deletions
Original line | Diff line | Change
@@ -0,0 +1,4 @@
1+
---
2+
category: queryMetadata
3+
---
4+
* Adjusts the `@security-severity` from 9.3 to 7.3 for `swift/uncontrolled-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.

swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql

Lines changed: 1 addition & 1 deletion
Original line | Diff line | Change
@@ -3,7 +3,7 @@
33
* @description Using external input in format strings can lead to exceptions or information leaks.
44
* @kind path-problem
55
* @problem.severity error
6-
* @security-severity 9.3
6+
* @security-severity 7.3
77
* @precision high
88
* @id swift/uncontrolled-format-string
99
* @tags security
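Review bot: please confirm that the "memory safe languages" rationale used for the C# and Java queries was evaluated against the sinks this Swift query models rather than inherited from the shared wording; the hunk only shows the `@description` claim of "exceptions or information leaks", and Swift's format-string APIs are Foundation wrappers, so a short note in the PR stating why the same 7.3 applies to Swift would make the grouping defensible.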
