From fcb2258411f9fee022c1738c94f6b5bf4b8508e6 Mon Sep 17 00:00:00 2001
From: Sunny Patel <sunny.p@ibm.com>
Date: Sun, 15 Feb 2026 19:40:50 -0500
Subject: [PATCH] Add CVSS 3.1 severity for GHSA-73v2-rxqp-7q4f

---
 .../2024/03/GHSA-73v2-rxqp-7q4f/GHSA-73v2-rxqp-7q4f.json | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/advisories/github-reviewed/2024/03/GHSA-73v2-rxqp-7q4f/GHSA-73v2-rxqp-7q4f.json b/advisories/github-reviewed/2024/03/GHSA-73v2-rxqp-7q4f/GHSA-73v2-rxqp-7q4f.json
index 4b7ff06e7b5a2..959ea41c04ed4 100644
--- a/advisories/github-reviewed/2024/03/GHSA-73v2-rxqp-7q4f/GHSA-73v2-rxqp-7q4f.json
+++ b/advisories/github-reviewed/2024/03/GHSA-73v2-rxqp-7q4f/GHSA-73v2-rxqp-7q4f.json
@@ -8,7 +8,12 @@
   ],
   "summary": "aliyundrive-webdav vulnerable to Command Injection",
   "details": "An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the `action_query_qrcode` component.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -80,4 +85,4 @@
     "github_reviewed_at": "2024-03-29T20:14:34Z",
     "nvd_published_at": "2024-03-29T17:15:12Z"
   }
-}
\ No newline at end of file
+}