{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "GET /model/info with attacker-controlled Authorization Bearer token",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "postgresql",
    "litellm-proxy"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/source_delta.txt",
    "logs/proxy_vulnerable.log",
    "logs/proxy_fixed.log",
    "logs/postgres_repro.log",
    "logs/vuln_key_generate.json",
    "logs/fixed_key_generate.json",
    "logs/baseline_unknown.txt",
    "logs/vulnerable_injection.txt",
    "logs/fixed_injection.txt",
    "repro/result.txt"
  ],
  "notes": "Vulnerable LiteLLM 1.83.6 accepted a remote GET /model/info request with an injected Authorization token, PostgreSQL executed pg_sleep(3) from the interpolated WHERE clause, and the endpoint returned 200. LiteLLM 1.83.7 bound the same token as a positional SQL parameter, returned 401, and did not delay."
}