[cjbprime]

That's a CVSS issue. Heartbleed only affected Confidentiality, and CVSS rates scores on a triad of Confidentiality, Integrity, and Availability. RCE affects all three.

[tptacek]

Heartbleed was a much more significant issue than this ingress-nginx thing.

[cjbprime]

I agree with you, which is why I'm redirecting the blame to the CVSS standard, which does not agree with you.

[mort96]

That's exactly what I'm complaining about, yes. Nothing burgers get 9.8, while earth shattering vulnerabilities get 7.5 using the scoring system that the security community uses to describe "severity".