Change @security-severity for rust/log-injection from 2.6 to 6.1

2026-04-29 18:55:14 +02:00 · 2026-03-17 12:01:05 +00:00
parent 52809133f5
commit 3aaee9d981
2 changed files with 2 additions and 1 deletions
--- a/rust/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
+++ b/rust/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
@@ -1,4 +1,5 @@
 ---
 category: queryMetadata
 ---
+* The `@security-severity` metadata of `rust/log-injection` has been increased from 2.6 (low) to 6.1 (medium).
 * The `@security-severity` metadata of `rust/xss` has been increased from 6.1 (medium) to 7.8 (high).
--- a/rust/ql/src/queries/security/CWE-117/LogInjection.ql
+++ b/rust/ql/src/queries/security/CWE-117/LogInjection.ql
@@ -4,7 +4,7 @@
 *              insertion of forged log entries by a malicious user.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 2.6
+ * @security-severity 6.1
 * @precision medium
 * @id rust/log-injection
 * @tags security