{
  "repository": "ohler55/oj",
  "commit_source": "git_rev_parse",
  "commit_sha": "bbde91a679728f94c4492ebc3683f4fa3309049f",
  "submitted_target": {
    "target_kind": "git_commit",
    "commit_sha": "495cc38fc5a02681da2175960d4a667fae48f3c9",
    "version": "3.17.2",
    "ref": "v3.17.2",
    "display": "ohler55/oj @ 495cc38 (v3.17.2, vulnerable parent of fix)"
  },
  "variant_target": {
    "target_kind": "git_commit",
    "commit_sha": "bbde91a679728f94c4492ebc3683f4fa3309049f",
    "version": "3.17.3",
    "ref": "v3.17.3",
    "display": "ohler55/oj @ bbde91a (v3.17.3, fixed) — tested for bypass; no bypass found"
  },
  "tested_ref_resolution": {
    "vulnerable_commit": "495cc38fc5a02681da2175960d4a667fae48f3c9",
    "fixed_commit": "bbde91a679728f94c4492ebc3683f4fa3309049f",
    "usual_c_earlier_fix_commit": "ec368dbe936ef0104b782e4b0f67b17d6c7276f7",
    "usual_c_fix_is_ancestor_of_vulnerable": true,
    "clone_method": "git clone https://github.com/ohler55/oj.git (durable project cache)",
    "build_method": "ruby extconf.rb && make (manual, no rake/bundler)",
    "ruby_version": "3.3.8 (x86_64-linux-gnu)",
    "gcc_version": "15.2.0"
  },
  "notes": "Verdict is no_variant_found (no distinct variant/bypass confirmed), so source_identity.json is provided for completeness rather than as a mandatory bypass-proof artifact. The exact tested commits for both the vulnerable and fixed versions are recorded above. The repo was restored to the fixed commit bbde91a after testing."
}
