{
  "same_root_cause": true,
  "confidence": "high",
  "parent_root_cause": "Untrusted exchange-header-controlled values are appended to the external docling CLI argv in DoclingProducer before ProcessBuilder.start() without complete validation of allowed flags and path values.",
  "variant_root_cause": "The fixed code validates CamelDoclingCustomArguments but leaves CamelDoclingOutputFilePath unvalidated before appending it as the producer-managed --output value in the same DoclingProducer command list.",
  "shared_sink": "org.apache.camel.component.docling.DoclingProducer.buildDoclingCommand() -> java.lang.ProcessBuilder(command).start()",
  "parent_entry_data_path": "HTTP-controlled args -> CamelDoclingCustomArguments -> addCustomArguments() -> validateCustomArguments() on fixed releases",
  "variant_entry_data_path": "HTTP-controlled X-Out -> CamelDoclingOutputFilePath -> addOutputDirectoryArguments() -> no validatePathSafety() -> --output path traversal",
  "distinctness": "The bypass does not use custom arguments or unknown flags. It uses a separate documented/path-bearing output header that contributes to the same docling argv sink after the custom-argument fix has already rejected unknown flags.",
  "evidence": [
    "bundle/logs/vuln_variant/fixed_4.18.3_custom_args_control_response.txt shows the fixed custom-argument allowlist is active",
    "bundle/logs/vuln_variant/fixed_4.18.3_docling_invocations.log shows --output <safe-output>/../escaped-output on fixed 4.18.3",
    "bundle/logs/vuln_variant/fixed_4.18.3_escaped_marker.txt shows the normalized output directory is outside safe-output",
    "bundle/logs/vuln_variant/latest_4.21.0_docling_invocations.log and latest_4.21.0_escaped_marker.txt show the same behavior on latest-tested 4.21.0"
  ]
}
