Change @security-severity for rust/log-injection from 2.6 to 6.1

owen-mc · owen-mc · commit 3aaee9d98123 · 2026-03-17T12:01:05.000Z
diff --git a/rust/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md b/rust/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
@@ -1,4 +1,5 @@
 ---
 category: queryMetadata
 ---
+* The `@security-severity` metadata of `rust/log-injection` has been increased from 2.6 (low) to 6.1 (medium).
 * The `@security-severity` metadata of `rust/xss` has been increased from 6.1 (medium) to 7.8 (high).
diff --git a/rust/ql/src/queries/security/CWE-117/LogInjection.ql b/rust/ql/src/queries/security/CWE-117/LogInjection.ql
@@ -4,7 +4,7 @@
  *              insertion of forged log entries by a malicious user.
  * @kind path-problem
  * @problem.severity error
- * @security-severity 2.6
+ * @security-severity 6.1
  * @precision medium
  * @id rust/log-injection
  * @tags security
