Note on the 'severity' per comment #2: The severity set is based on the severity of the CVE, partly per the Security Team's tracker.
As this has been classified as "low" there, the severity here was set to "Low".
Note on the 'severity' per comment #2: The severity set is based on the severity of the CVE, partly per the Security Team's tracker.
As this has been classified as "low" there, the severity here was set to "Low".