IRP.md
Lines changed: 1 addition & 2 deletions
@@ -53,8 +53,7 @@ Applies to security incidents that affect the `oauth2` codebase, releases (gems)
53
53
- Add/adjust tests and CI checks to prevent regressions.
54
54
- If credentials or infrastructure were compromised, rotate secrets and audit access.
55
55
56
-
Severity classification (guidance)
57
-
---------------------------------
56
+
## Severity classification (guidance)
58
57
- High/Critical: Remote code execution, data exfiltration, or any vulnerability that can be exploited without user interaction. Immediate action and prioritized patching.
59
58
- Medium: Privilege escalation, sensitive information leaks that require specific conditions. Patch in the next release cycle with advisory.
60
59
- Low: Minor information leaks, UI issues, or non-exploitable bugs. Fix normally and include in the next scheduled release.
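Review bot: The new ATX heading on line 56 is followed directly by the first list item on line 57 with no blank line between them. Consider adding an empty line after `## Severity classification (guidance)` so the heading is surrounded by blank lines on both sides, as it already is above (line 55), which keeps Markdown linters that check blank lines around headings quiet and renders consistently across parsers. The level is otherwise preserved: the removed dash-underlined setext heading was also a second-level heading, so the document outline and the section anchor do not change.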