{
  "stage": "vuln_variant",
  "entrypoint_kind": "library_api",
  "entrypoint_detail": "Fastify app.inject exercising @fastify/middie parameterized guard /user/:id/comments across encoding/structural/router-option/method/prefix variants on vulnerable (9.3.2) and fixed (9.3.3) builds",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "node",
    "fastify",
    "@fastify/middie",
    "find-my-way"
  ],
  "variant_found_on_fixed": false,
  "confirmed_bypass": false,
  "evidence": {
    "vulnerable_version": "9.3.2",
    "fixed_version": "9.3.3",
    "fixed_is_latest_published": true,
    "vulnerable_commit_sha": "792d2f46ae68516d3122c9a4468a5748a34efb47",
    "fixed_commit_sha": "e038188b33b9436e1be9f9d1c1920416ec6c18f1",
    "vulnerable_build_bypass_count": 24,
    "fixed_build_bypass_count": 0,
    "control_original_percent2F_bypass_vulnerable": true,
    "control_original_percent2F_bypass_fixed": false
  },
  "proof_artifacts": [
    "logs/vuln_variant/reproduction_steps.log",
    "logs/vuln_variant/consolidated_comparison.txt",
    "logs/vuln_variant/probe_vuln.json",
    "logs/vuln_variant/probe_fixed.json",
    "vuln_variant/out/comparison.txt"
  ],
  "notes": "No bypass on the fixed (9.3.3 = latest published) build across ~60 candidate probes (encoding, structural, router-option combinations, all HTTP methods, encapsulated-prefix entry point). The vulnerable 9.3.2 build is bypassed by every single-encoded %2F variant (24 hits) but NOT by double/triple-encoded %252F (single-pass decoder). Negative variant result: the 9.3.3 fix is complete for the encoded-slash-in-parameter bypass class."
}
