{
  "entrypoint_kind": "api_remote",
  "entrypoint_detail": "Feast Web UI /save-document unauthenticated POST writes attacker JSON via the same Path.resolve()+str.startswith(os.getcwd()) sink as the Feature Server endpoint; the written JSON is then consumed by the Feature Server static_artifacts startup loader in the RCE chain.",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "fixed_target_path_reached": false,
  "runtime_stack": [
    "feast-ui-server",
    "fastapi",
    "uvicorn",
    "FeatureStore",
    "feast-feature-server static_artifacts startup consumer"
  ],
  "tested_revisions": {
    "vulnerable": "be1b52227e1ade9a3be9836391ade45eb1a26909",
    "fixed": "4018e7b0c39825a5647fb17fc5607d72fb4bc0ce",
    "latest_default_branch": "f296d4ba14c5d512429219b2b7845673e0fe524d"
  },
  "proof_artifacts": [
    "logs/vuln_variant/reproduction_steps.log",
    "logs/vuln_variant/vuln_ui_writer.log",
    "logs/vuln_variant/vuln_feature_consumer.log",
    "logs/vuln_variant/fixed_ui_writer.log",
    "logs/vuln_variant/latest_version.txt",
    "vuln_variant/artifacts/http/vuln_ui_save_request.json",
    "vuln_variant/artifacts/http/vuln_ui_save_response.json",
    "vuln_variant/artifacts/http/fixed_ui_save_status.txt",
    "vuln_variant/artifacts/http/fixed_ui_save_response.txt",
    "vuln_variant/artifacts/feature_repo_ui/ui_variant_static_artifacts-labels.json.vuln",
    "vuln_variant/artifacts/ui_variant_rce_marker.vulnerable.txt"
  ],
  "notes": "Confirmed alternate vulnerable entrypoint only; fixed commit and latest default branch do not expose /save-document, so this is not a patch bypass."
}