Reduce severity of java/relative-path-command

Significantly reduces the severity of `java/relative-path-command` from 9.8 to 5.4 https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2026-04-26 17:25:19 +02:00 · 2024-02-06 15:43:19 -05:00
parent 3b43f848c9
commit 1484a169d7
1 changed files with 1 additions and 1 deletions
--- a/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql
+++ b/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql
@@ -4,7 +4,7 @@
 *              malicious changes in the PATH environment variable.
 * @kind problem
 * @problem.severity warning
- * @security-severity 9.8
+ * @security-severity 5.4
 * @precision medium
 * @id java/relative-path-command
 * @tags security