{
  "claim_outcome": "distinct_variant_confirmed_not_bypass",
  "variant_type": "alternate_trigger",
  "bypass": false,
  "variant_reproduced_on_vulnerable": true,
  "variant_reproduced_on_fixed": false,
  "fix_coverage": "complete",
  "fix_covers_variant": true,
  "repro_result": "alternate_trigger_on_vulnerable_only",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "info_leak",
  "observed_impact_class": "info_leak",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "A VSIX whose package.json declares \"icon\": \"payload.html\" and contains extension/payload.html (HTML + <script>), published via POST /api/-/publish and then served via GET /api/{ns}/{ext}/{ver}/file/payload.html (the advertised files.icon URL).",
  "trigger_path": "POST /api/-/publish (VSIX icon=payload.html) -> ExtensionProcessor.getIcon stores ICON FileResource payload.html (no type validation) -> GET /api/{ns}/{ext}/{ver}/file/payload.html -> LocalRegistryService.getFile -> StorageUtilService.getFileResponse(FileResource) -> LocalStorageService.getFile -> getFileResponseHeaders -> StorageUtil.getFileType -> text/html (no CSP, no Content-Disposition)",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated": false,
  "vulnerable_version": {
    "ref": "v1.0.1",
    "commit_sha": "e92a1a7a448be08570cc4c4969717ed3e2260015",
    "variant_headers": {
      "content_type": "text/html",
      "has_csp": 0,
      "has_content_disposition": 0,
      "inline_html": 1
    }
  },
  "fixed_version": {
    "ref": "v1.0.2",
    "commit_sha": "9491f32a6d459a4d499c5028d37c0d0386771e9f",
    "variant_headers": {
      "content_type": "text/plain;charset=utf-8",
      "has_csp": 1,
      "has_content_disposition": 0,
      "inline_html": 0
    }
  },
  "control_path_check": {
    "endpoint": "GET /vscode/unpkg/{ns}/{ext}/{ver}/extension/payload.html",
    "vuln_inline_html": 1,
    "fixed_inline_html": 0,
    "comment": "The original repro path behaves identically to the variant on each version, which confirms that the harness is sound and that the fix changes behavior on both sinks."
  },
  "blocking_mitigation": "v1.0.2 HttpHeadersUtil.createFileResponseHeaders uses Apache Tika content detection; because text/html is in TEXT_VIEWABLE_MEDIA_TYPES, Content-Type is forced to text/plain;charset=utf-8, and a strict CSP (default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; sandbox) plus nosniff and X-Frame-Options: DENY are always set. LocalStorageService.getFile(FileResource) was rewired to this helper (line 92), so the persisted-FileResource serving path used by the variant is mitigated.",
  "claim_block_reason": null,
  "inferred": false,
  "notes": "A materially distinct alternate entry point (RegistryAPI.getFile -> LocalRegistryService.getFile -> LocalStorageService.getFile(FileResource), fed by an HTML file smuggled as the extension icon via ExtensionProcessor.getIcon with no type validation) reaches the same insecure sink as CVE-2026-13323 on v1.0.1 and reproduces the exploitable header state (text/html, no CSP). The v1.0.2 fix covers this path; no bypass was found after examining all five serving endpoints, four storage backends, the upstream proxy, namespace-logo upload validation, and the publish extraction paths."
}
