mirror of
https://github.com/github/codeql.git
synced 2026-07-13 15:28:16 +02:00
The CWE number for this query is associated with buffer overflows from printf/scanf-style functions in C++, which has likely determined its derived security score. But in JavaScript, a tainted format string is unlikely to lead to anything worse than log injection so we're manually update its score to reflect this.