Align Ruby NonConstantKernelOpen.ql Severity

JLLeitschuh · web-flow · commit 1728e5dfd569 · 2024-06-21T10:27:47.000-04:00
Align severity with other command injection vulnerabilities: - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql#L8 - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/go/ql/src/Security/CWE-078/CommandInjection.ql#L7 - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql#L7 - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/javascript/ql/src/Security/CWE-078/CommandInjection.ql#L7
diff --git a/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql b/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql
@@ -5,7 +5,7 @@
  *              user to execute arbitrary system commands.
  * @kind problem
  * @problem.severity warning
- * @security-severity 6.5
+ * @security-severity 9.8
  * @precision high
  * @id rb/non-constant-kernel-open
  * @tags correctness
