{
  "same_root_cause": true,
  "confidence": "high",
  "parent_sink": "airflow.serialization.serialized_objects.BaseSerialization.deserialize() calling import_string() on a serialized DAG controlled class path",
  "variant_sink": "airflow.serialization.serialized_objects.BaseSerialization.deserialize() calling import_string(exc_cls_name) in the DAT.AIRFLOW_EXC_SER branch",
  "parent_trigger_type": "DAT.BASE_TRIGGER / __type=base_trigger",
  "variant_trigger_type": "DAT.AIRFLOW_EXC_SER / __type=airflow_exc_ser",
  "shared_trust_boundary": "Attacker-controlled serialized DAG metadata is loaded by the Airflow API Server/Scheduler, crossing the DAG-author-to-control-plane boundary described in Airflow's security model.",
  "material_difference": "The parent path uses the removed BASE_TRIGGER branch; the variant uses a separate exception-serialization branch that remains in fixed/latest Airflow 3.3.0.",
  "impact_equivalence": "Both paths import an attacker-controlled module in the API Server process and execute module-level Python code.",
  "evidence_refs": [
    "bundle/logs/vuln_variant/base_deserialize_diff.txt",
    "bundle/logs/vuln_variant/airflow_exc_3.3.0_variant.json",
    "bundle/vuln_variant/artifacts/airflow_exc_3.3.0_variant/api_server_airflow_exc_marker.txt"
  ]
}
