{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "HTTP /convert with X-Out: ../escaped-output -> route joins SAFE_OUTPUT_DIR/X-Out -> CamelDoclingOutputFilePath -> DoclingProducer.addOutputDirectoryArguments() -> ProcessBuilder argv --output <traversal path>",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "camel-jetty",
    "camel-docling DoclingProducer",
    "java.lang.ProcessBuilder",
    "docling CLI executable on PATH"
  ],
  "tested_versions": {
    "vulnerable_4.18.2_marker": true,
    "fixed_4.18.3_marker": true,
    "latest_4.21.0_marker": true
  },
  "proof_artifacts": [
    "logs/vuln_variant/reproduction_steps.log",
    "logs/vuln_variant/fixed_version.txt",
    "logs/vuln_variant/vulnerable_4.18.2_service.log",
    "logs/vuln_variant/vulnerable_4.18.2_docling_invocations.log",
    "logs/vuln_variant/vulnerable_4.18.2_response.txt",
    "logs/vuln_variant/vulnerable_4.18.2_escaped_marker.txt",
    "logs/vuln_variant/fixed_4.18.3_service.log",
    "logs/vuln_variant/fixed_4.18.3_docling_invocations.log",
    "logs/vuln_variant/fixed_4.18.3_response.txt",
    "logs/vuln_variant/fixed_4.18.3_escaped_marker.txt",
    "logs/vuln_variant/fixed_4.18.3_custom_args_control_response.txt",
    "logs/vuln_variant/latest_4.21.0_service.log",
    "logs/vuln_variant/latest_4.21.0_docling_invocations.log",
    "logs/vuln_variant/latest_4.21.0_response.txt",
    "logs/vuln_variant/latest_4.21.0_escaped_marker.txt",
    "logs/vuln_variant/latest_4.21.0_custom_args_control_response.txt"
  ],
  "notes": "The same HTTP-controlled output path traversal is passed to docling as --output and writes a marker outside SAFE_OUTPUT_DIR on fixed 4.18.3 and latest 4.21.0. The control request shows the custom-argument allowlist rejects unknown flags on fixed lines, so this is a separate unvalidated path-bearing header gap."
}