{
  "claim_outcome": "confirmed",
  "claim_block_reason": null,
  "repro_result": "confirmed",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "authz_bypass",
  "observed_impact_class": "ssrf",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "attacker-controlled OIDC endpoint URLs using a public-FQDN hostname that resolves to a private IP, supplied in POST /sso/register with skipDiscovery:true",
  "trigger_path": "POST /api/auth/sso/register -> stored OIDC config -> POST /api/auth/sign-in/sso -> /api/auth/sso/callback/:providerId -> server-side fetch to tokenEndpoint and userInfoEndpoint",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated": true,
  "blocking_mitigation": "Runtime DNS resolution check (assertOIDCEndpointsResolvePublic) added in @better-auth/sso@1.6.23 blocks the variant. The 1.6.11 fix is bypassable.",
  "inferred": false,
  "variant_verdict": "confirmed_bypass",
  "variant_summary": "Bypass of the 1.6.11 SSRF patch using a public-FQDN hostname that resolves to a private RFC1918 IP address. The patched server still performs server-side fetches to attacker-controlled token and userInfo endpoints during the OIDC callback."
}
