{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "HTTP GET to aiohttp web.static() route with follow_symlinks=True; path traversal via ../ using curl --path-as-is and raw-socket HTTP",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "aiohttp==3.9.1",
    "python3.11"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/vulnerable_1.log",
    "repro/artifacts/http/vulnerable_1/health_resp.txt",
    "repro/artifacts/http/vulnerable_1/leak_method.txt",
    "repro/artifacts/http/vulnerable_1/m1_headers.txt",
    "repro/artifacts/http/vulnerable_1/m1_resp.txt",
    "repro/artifacts/http/vulnerable_1/m2_headers.txt",
    "repro/artifacts/http/vulnerable_1/m2_resp.txt",
    "repro/artifacts/http/vulnerable_1/m3_headers.txt",
    "repro/artifacts/http/vulnerable_1/m3_resp.txt",
    "repro/artifacts/http/vulnerable_1/m4_headers.txt",
    "repro/artifacts/http/vulnerable_1/m4_resp.txt",
    "repro/artifacts/http/vulnerable_1/m5_headers.txt",
    "repro/artifacts/http/vulnerable_1/m5_resp.txt",
    "repro/artifacts/http/vulnerable_1/proof_leak.txt",
    "repro/artifacts/http/vulnerable_1/proof_leak_headers.txt",
    "repro/artifacts/http/vulnerable_1/result.txt",
    "repro/artifacts/http/vulnerable_1/runtime_versions.txt",
    "repro/artifacts/http/vulnerable_1/version.txt",
    "logs/vulnerable_2.log",
    "repro/artifacts/http/vulnerable_2/health_resp.txt",
    "repro/artifacts/http/vulnerable_2/leak_method.txt",
    "repro/artifacts/http/vulnerable_2/m1_headers.txt",
    "repro/artifacts/http/vulnerable_2/m1_resp.txt",
    "repro/artifacts/http/vulnerable_2/m2_headers.txt",
    "repro/artifacts/http/vulnerable_2/m2_resp.txt",
    "repro/artifacts/http/vulnerable_2/m3_headers.txt",
    "repro/artifacts/http/vulnerable_2/m3_resp.txt",
    "repro/artifacts/http/vulnerable_2/m4_headers.txt",
    "repro/artifacts/http/vulnerable_2/m4_resp.txt",
    "repro/artifacts/http/vulnerable_2/m5_headers.txt",
    "repro/artifacts/http/vulnerable_2/m5_resp.txt",
    "repro/artifacts/http/vulnerable_2/proof_leak.txt",
    "repro/artifacts/http/vulnerable_2/proof_leak_headers.txt",
    "repro/artifacts/http/vulnerable_2/result.txt",
    "repro/artifacts/http/vulnerable_2/runtime_versions.txt",
    "repro/artifacts/http/vulnerable_2/version.txt",
    "logs/fixed_1.log",
    "repro/artifacts/http/fixed_1/health_resp.txt",
    "repro/artifacts/http/fixed_1/leak_method.txt",
    "repro/artifacts/http/fixed_1/m1_headers.txt",
    "repro/artifacts/http/fixed_1/m1_resp.txt",
    "repro/artifacts/http/fixed_1/m2_headers.txt",
    "repro/artifacts/http/fixed_1/m2_resp.txt",
    "repro/artifacts/http/fixed_1/m3_headers.txt",
    "repro/artifacts/http/fixed_1/m3_resp.txt",
    "repro/artifacts/http/fixed_1/m4_headers.txt",
    "repro/artifacts/http/fixed_1/m4_resp.txt",
    "repro/artifacts/http/fixed_1/m5_headers.txt",
    "repro/artifacts/http/fixed_1/m5_resp.txt",
    "repro/artifacts/http/fixed_1/result.txt",
    "repro/artifacts/http/fixed_1/runtime_versions.txt",
    "repro/artifacts/http/fixed_1/version.txt",
    "logs/fixed_2.log",
    "repro/artifacts/http/fixed_2/health_resp.txt",
    "repro/artifacts/http/fixed_2/leak_method.txt",
    "repro/artifacts/http/fixed_2/m1_headers.txt",
    "repro/artifacts/http/fixed_2/m1_resp.txt",
    "repro/artifacts/http/fixed_2/m2_headers.txt",
    "repro/artifacts/http/fixed_2/m2_resp.txt",
    "repro/artifacts/http/fixed_2/m3_headers.txt",
    "repro/artifacts/http/fixed_2/m3_resp.txt",
    "repro/artifacts/http/fixed_2/m4_headers.txt",
    "repro/artifacts/http/fixed_2/m4_resp.txt",
    "repro/artifacts/http/fixed_2/m5_headers.txt",
    "repro/artifacts/http/fixed_2/m5_resp.txt",
    "repro/artifacts/http/fixed_2/result.txt",
    "repro/artifacts/http/fixed_2/runtime_versions.txt",
    "repro/artifacts/http/fixed_2/version.txt",
    "repro/artifacts/source_diff.txt"
  ],
  "notes": "Vulnerable aiohttp 3.9.1 traversal leak=True; fixed aiohttp 3.9.2 leak=False; confirmed=true"
}