It's a little unclear how this only warrants a severity of "medium" given that it is a full remote code execution exploit with actual weaponized code in the wild.
It's a little unclear how this only warrants a severity of "medium" given that it is a full remote code execution exploit with actual weaponized code in the wild.