{
  "repository": "github.com/EGroupware/smallpart",
  "commit_source": "git_rev_parse",
  "commit_sha": "b8754b6b8ec41d94807e2eecbeded3dc8b7f834a",
  "submitted_target": {
    "target_kind": "docker_image",
    "commit_sha": "736702baa2c0f5bc7660821436b5ffe947d46d2c",
    "version": "26.2.20260216",
    "ref": "26.2.20260216",
    "display": "egroupware/egroupware:26.2.20260216 (vulnerable)"
  },
  "variant_target": {
    "target_kind": "docker_image",
    "commit_sha": "b8754b6b8ec41d94807e2eecbeded3dc8b7f834a",
    "version": "26.2.20260224",
    "ref": "26.2.20260224",
    "display": "egroupware/egroupware:26.2.20260224 (fixed)"
  },
  "notes": "The variant target (fixed version) was tested via Docker image egroupware/egroupware:26.2.20260224. The smallpart repo commit for tag 26.2.20260224 is b8754b6b8ec41d94807e2eecbeded3dc8b7f834a (verified via git rev-list -1 26.2.20260224 on the smallpart repo mirror). The isParticipant() function was verified byte-identical across 26.2.20260216 (commit 736702b), 26.2.20260224 (commit b8754b6), and 26.7.20260702 (latest) via git diff. The Docker image labels show org.opencontainers.image.version=24.04 (base OS); the egroupware version is the image tag."
}
