Merge pull request #19738 from owen-mc/pr/felickz/19530

Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages (#2)
2025-12-16 16:53:25 +01:00 · 2025-06-12 10:27:28 +01:00
parent d667f7d411 0135cf661f
commit 538a5af1d1
6 changed files with 15 additions and 3 deletions
--- a/swift/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md
+++ b/swift/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md
@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Adjusts the `@security-severity` from 9.3 to 7.3 for `swift/uncontrolled-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.
--- a/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
+++ b/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
@@ -3,7 +3,7 @@
 * @description Using external input in format strings can lead to exceptions or information leaks.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 9.3
+ * @security-severity 7.3
 * @precision high
 * @id swift/uncontrolled-format-string
 * @tags security