{
  "same_root_cause": true,
  "same_vulnerable_sink": true,
  "same_trust_boundary": true,
  "same_impact_chain": true,
  "parent_entrypoint": {
    "file_path": "sdk/python/feast/feature_server.py",
    "function": "get_app.<locals>.save_document_endpoint",
    "endpoint": "POST /save-document",
    "lines_vulnerable_commit": "560-578"
  },
  "variant_entrypoint": {
    "file_path": "sdk/python/feast/ui_server.py",
    "function": "get_app.<locals>.save_document_endpoint",
    "endpoint": "POST /save-document",
    "lines_vulnerable_commit": "124-142"
  },
  "shared_sink": "Path(request.file_path).resolve() followed by naive str(file_path).startswith(os.getcwd()) and json.dump(request.data) to <stem>-labels.json",
  "shared_trust_boundary": "Unauthenticated HTTP caller to Feast Python server in no_auth/no-auth deployment controls file_path and JSON data crossing into server-side filesystem writes.",
  "impact_chain": "Attacker-written JSON in feature repository is consumed by Feast Feature Server load_static_artifacts() startup extension and causes startup hook execution in the demonstrated deployment component.",
  "confidence": "high",
  "notes": "The variant is materially distinct because it reaches the same sink from the Web UI server rather than the Feature Server endpoint. It is not a patch bypass because the fixed commit removes both entrypoints."
}
