Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages

felickz · web-flow · commit 8a81aa1762b2 · 2025-05-19T14:43:08.000-04:00
- Sync up to score given to javascript/ruby
diff --git a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
@@ -4,7 +4,7 @@
  *              and cause a denial of service.
  * @kind path-problem
  * @problem.severity error
- * @security-severity 9.3
+ * @security-severity 7.3
  * @precision high
  * @id cs/uncontrolled-format-string
  * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
@@ -3,7 +3,7 @@
  * @description Using external input in format strings can lead to exceptions or information leaks.
  * @kind path-problem
  * @problem.severity error
- * @security-severity 9.3
+ * @security-severity 7.3
  * @precision high
  * @id java/tainted-format-string
  * @tags security
diff --git a/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql b/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
@@ -3,7 +3,7 @@
  * @description Using external input in format strings can lead to exceptions or information leaks.
  * @kind path-problem
  * @problem.severity error
- * @security-severity 9.3
+ * @security-severity 7.3
  * @precision high
  * @id swift/uncontrolled-format-string
  * @tags security
