{
  "claim_outcome": "confirmed",
  "claim_block_reason": null,
  "repro_result": "confirmed",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "code_execution",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "Unauthenticated POST to /save-document with attacker-controlled file_path pointing to the active Feast feature repository static_artifacts.json and data containing a startup_hook.shell JSON payload",
  "trigger_path": "POST /save-document -> SaveDocumentRequest(file_path,data) -> Path(file_path).resolve() -> naive str(file_path).startswith(os.getcwd()) bypass when cwd=/ or string-prefix sibling traversal -> write static_artifacts-labels.json -> Feast Feature Server restart -> feature_server.py load_static_artifacts() imports feature_repo/static_artifacts.py -> deployment component consumes attacker-written JSON -> attacker-controlled startup hook executes",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": true,
  "exploit_chain_demonstrated": true,
  "blocking_mitigation": null,
  "inferred": false
}
