[2026-07-01T15:22:20+00:00] Ensuring required Docker images are available ...
[2026-07-01T15:22:20+00:00] Image dotcms/dotcms:26.04.28-02 already present
[2026-07-01T15:22:20+00:00] Image dotcms/dotcms:26.04.28-03 already present
[2026-07-01T15:22:21+00:00] Image postgres:15 already present
[2026-07-01T15:22:21+00:00] Image opensearchproject/opensearch:1.3.19 already present
[2026-07-01T15:22:21+00:00] Image python:3-slim already present
[2026-07-01T15:22:21+00:00] Image curlimages/curl:latest already present
[2026-07-01T15:22:21+00:00] === Starting vuln stack (dotcms/dotcms:26.04.28-02) on port 8084 ===
[2026-07-01T15:22:22+00:00] Waiting for vuln dotCMS to finish startup (timeout 300s) ...
[2026-07-01T15:23:27+00:00] vuln dotCMS is live after 65s
[2026-07-01T15:23:27+00:00] Waiting for vuln dotCMS HTTP service to respond ...
[2026-07-01T15:23:29+00:00] vuln dotCMS healthcheck returned HTTP 404 after 0s
[2026-07-01T15:23:29+00:00] Running variant tests against vuln dotCMS ...
[2026-07-01T15:24:21+00:00] === vuln stack cleaned up ===
[2026-07-01T15:24:21+00:00] === Starting fixed stack (dotcms/dotcms:26.04.28-03) on port 8085 ===
[2026-07-01T15:24:22+00:00] Waiting for fixed dotCMS to finish startup (timeout 300s) ...
[2026-07-01T15:25:27+00:00] fixed dotCMS is live after 65s
[2026-07-01T15:25:27+00:00] Waiting for fixed dotCMS HTTP service to respond ...
[2026-07-01T15:25:29+00:00] fixed dotCMS healthcheck returned HTTP 404 after 0s
[2026-07-01T15:25:29+00:00] Running variant tests against fixed dotCMS ...
[2026-07-01T15:25:58+00:00] === fixed stack cleaned up ===
{
  "vuln_tag": "26.04.28-02",
  "fixed_tag": "26.04.28-03",
  "tests": [
    { "name": "getAll_false_condition", "vuln_status": 200, "vuln_duration": 0.05843784299213439, "fixed_status": 401, "fixed_duration": 0.06192009802907705 },
    { "name": "getAll_true_condition", "vuln_status": 200, "vuln_duration": 5.019465768011287, "fixed_status": 401, "fixed_duration": 0.00636852893512696 },
    { "name": "get_path_sqli", "vuln_status": 404, "vuln_duration": 0.05021603696513921, "fixed_status": 401, "fixed_duration": 0.009135822067037225 },
    { "name": "getAll_single_string_body", "vuln_status": 400, "vuln_duration": 0.009650958934798837, "fixed_status": 400, "fixed_duration": 0.00678968196734786 },
    { "name": "getAll_empty_list", "vuln_status": 500, "vuln_duration": 0.018529442022554576, "fixed_status": 401, "fixed_duration": 0.0074894370045512915 },
    { "name": "getAll_text_plain", "vuln_status": 415, "vuln_duration": 0.008495070040225983, "fixed_status": 415, "fixed_duration": 0.009602835052646697 },
    { "name": "getAll_missing_content_type", "vuln_status": 415, "vuln_duration": 0.05493940191809088, "fixed_status": 415, "fixed_duration": 0.011155752930790186 },
    { "name": "getAll_empty_bearer", "vuln_status": 200, "vuln_duration": 5.251905619981699, "fixed_status": 401, "fixed_duration": 0.2175404590088874 },
    { "name": "getAll_x_forwarded_for_localhost", "vuln_status": 200, "vuln_duration": 5.013323446037248, "fixed_status": 401, "fixed_duration": 0.006709103938192129 },
    { "name": "getAll_method_override", "vuln_status": 200, "vuln_duration": 5.01756209495943, "fixed_status": 401, "fixed_duration": 0.006543265073560178 }
  ],
  "positive_control_ok": true,
  "bypass_or_variant_found": false,
  "bypass_candidates": []
}
[2026-07-01T15:25:58+00:00] No variant or bypass confirmed against the fixed version.
[2026-07-01T15:26:08+00:00] Ensuring required Docker images are available ...
[2026-07-01T15:26:08+00:00] Image dotcms/dotcms:26.04.28-02 already present
[2026-07-01T15:26:08+00:00] Image dotcms/dotcms:26.04.28-03 already present
[2026-07-01T15:26:08+00:00] Image postgres:15 already present
[2026-07-01T15:26:08+00:00] Image opensearchproject/opensearch:1.3.19 already present
[2026-07-01T15:26:08+00:00] Image python:3-slim already present
[2026-07-01T15:26:08+00:00] Image curlimages/curl:latest already present
[2026-07-01T15:26:08+00:00] === Starting vuln stack (dotcms/dotcms:26.04.28-02) on port 8084 ===
[2026-07-01T15:26:09+00:00] Waiting for vuln dotCMS to finish startup (timeout 300s) ...
[2026-07-01T15:27:15+00:00] vuln dotCMS is live after 65s
[2026-07-01T15:27:15+00:00] Waiting for vuln dotCMS HTTP service to respond ...
[2026-07-01T15:27:16+00:00] vuln dotCMS healthcheck returned HTTP 404 after 0s
[2026-07-01T15:27:16+00:00] Running variant tests against vuln dotCMS ...
[2026-07-01T15:28:08+00:00] === vuln stack cleaned up ===
[2026-07-01T15:28:08+00:00] === Starting fixed stack (dotcms/dotcms:26.04.28-03) on port 8085 ===
[2026-07-01T15:28:10+00:00] Waiting for fixed dotCMS to finish startup (timeout 300s) ...
[2026-07-01T15:29:15+00:00] fixed dotCMS is live after 65s
[2026-07-01T15:29:15+00:00] Waiting for fixed dotCMS HTTP service to respond ...
[2026-07-01T15:29:17+00:00] fixed dotCMS healthcheck returned HTTP 404 after 0s
[2026-07-01T15:29:17+00:00] Running variant tests against fixed dotCMS ...
[2026-07-01T15:29:45+00:00] === fixed stack cleaned up ===
{
  "vuln_tag": "26.04.28-02",
  "fixed_tag": "26.04.28-03",
  "tests": [
    { "name": "getAll_false_condition", "vuln_status": 200, "vuln_duration": 0.055817545973695815, "fixed_status": 401, "fixed_duration": 0.059609731077216566 },
    { "name": "getAll_true_condition", "vuln_status": 200, "vuln_duration": 5.018940941081382, "fixed_status": 401, "fixed_duration": 0.007621083990670741 },
    { "name": "get_path_sqli", "vuln_status": 404, "vuln_duration": 0.04760813096072525, "fixed_status": 401, "fixed_duration": 0.010617716936394572 },
    { "name": "getAll_single_string_body", "vuln_status": 400, "vuln_duration": 0.007033350993879139, "fixed_status": 400, "fixed_duration": 0.0075477639911696315 },
    { "name": "getAll_empty_list", "vuln_status": 500, "vuln_duration": 0.01531163603067398, "fixed_status": 401, "fixed_duration": 0.006629199022427201 },
    { "name": "getAll_text_plain", "vuln_status": 415, "vuln_duration": 0.006836130050942302, "fixed_status": 415, "fixed_duration": 0.0091729600680992 },
    { "name": "getAll_missing_content_type", "vuln_status": 415, "vuln_duration": 0.04421516298316419, "fixed_status": 415, "fixed_duration": 0.010877625900320709 },
    { "name": "getAll_empty_bearer", "vuln_status": 200, "vuln_duration": 5.186074184020981, "fixed_status": 401, "fixed_duration": 0.18867861002217978 },
    { "name": "getAll_x_forwarded_for_localhost", "vuln_status": 200, "vuln_duration": 5.024504465982318, "fixed_status": 401, "fixed_duration": 0.00650852604303509 },
    { "name": "getAll_method_override", "vuln_status": 200, "vuln_duration": 5.022051605978049, "fixed_status": 401, "fixed_duration": 0.006349069997668266 }
  ],
  "positive_control_ok": true,
  "bypass_or_variant_found": false,
  "bypass_candidates": []
}
[2026-07-01T15:29:45+00:00] No variant or bypass confirmed against the fixed version.