{
  "claim_outcome": "confirmed",
  "claim_block_reason": "null",
  "repro_result": "confirmed",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "code_execution",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "medium",
  "attacker_controlled_input": "HTTP query parameter args mapped into CamelDoclingCustomArguments as List<String>, carrying --pruva-rce-command-b64 and a base64 encoded command string",
  "trigger_path": "GET /convert?args=--pruva-rce-command-b64,<b64> -> camel-jetty -> CamelDoclingCustomArguments -> camel-docling DoclingProducer -> ProcessBuilder(docling, argv...) -> real docling CLI pluggy entrypoint import -> proof plugin executes argv-supplied command",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated": true,
  "blocking_mitigation": "Fixed Camel 4.18.3 validates custom arguments against a strict allowlist and rejects the injected --pruva-rce-command-b64 option before ProcessBuilder starts the docling subprocess; affected 4.16.0 and 4.18.2 pass the unknown option to real docling and the proof plugin executes the argv-supplied command.",
  "inferred": false
}
