{
  "parent_claim": {
    "cve": "CVE-2026-41042",
    "root_cause": "Unauthenticated caller supplies an arbitrary JDBC URL through the Gravitino catalog testConnection/creation API; the URL reaches the bundled H2 driver at connection time and H2's INIT parameter runs arbitrary SQL, with CREATE ALIAS AS '<java>' compiling and executing arbitrary Java (ProcessBuilder) -> RCE.",
    "sink": "H2 INIT -> CREATE ALIAS -> compiled Java -> ProcessBuilder -> OS command, executed when a JDBC connection to jdbc:h2:... is opened inside the server JVM.",
    "trust_boundary": "Unauthenticated remote HTTP -> POST /api/metalakes/{metalake}/catalogs/testConnection (default SimpleAuthenticator, gravitino.authorization.enable=false).",
    "fix": "commit 5daabcd0e8ddc96e25bd6c6ce7b153cdb311c3f2 (cherry-pick 84d3de9c7) adds an H2 URL/driver block to DataSourceUtils.createDataSource() only."
  },
  "variant": {
    "root_cause": "Same unauthenticated-JDBC-URL-to-bundled-H2-driver RCE, but the JDBC connection is opened by Paimon's own JdbcCatalog (org.apache.paimon.jdbc.JdbcCatalog -> DriverManager.getConnection(uri)) for provider=lakehouse-paimon with catalog-backend=jdbc, instead of by Gravitino's DataSourceUtils.createDataSource().",
    "sink": "Identical: H2 INIT -> CREATE ALIAS -> compiled Java -> ProcessBuilder -> OS command on the fixed 1.2.1 server.",
    "trust_boundary": "Identical: unauthenticated remote HTTP -> POST /api/metalakes/{metalake}/catalogs/testConnection (same default config).",
    "shared_enabler": "core IsolatedClassLoader.isSharedClass() delegates non-catalog classes (org.h2.Driver) to the server classloader, which bundles libs/h2-1.4.200.jar; so the H2 driver is loadable from the Paimon provider with no extra jars."
  },
  "equivalence_assessment": {
    "same_sink": true,
    "same_primitive": true,
    "same_trust_boundary": true,
    "same_impact_class": true,
    "same_attacker_controlled_input_class": true,
    "different_entry_point": true,
    "different_connection_opening_code": true,
    "covered_by_parent_fix": false,
    "same_root_cause_confidence": "high",
    "same_surface_confidence": "high",
    "rationale": "The underlying bug (untrusted JDBC URL -> bundled H2 driver connect-time code execution via INIT/CREATE ALIAS) and the impact (unauthenticated RCE) are identical to the parent CVE. The only differences are the catalog-provider entry point (lakehouse-paimon vs jdbc-postgresql) and the code that opens the JDBC connection (Paimon JdbcCatalog vs Gravitino DataSourceUtils). The parent fix does not cover the Paimon path, so this is a true bypass rather than a relabelled duplicate."
  },
  "evidence": {
    "fixed_version_marker_created": true,
    "fixed_version_marker_content": "uid=1000(vscode) gid=1000(vscode) groups=1000(vscode)",
    "fixed_version_datasourceutils_block_fired": false,
    "fixed_version_commit": "e88bffcfc31b7a656c960245b63b1e4c4901b8ee",
    "reproducer": "bundle/vuln_variant/reproduction_steps.sh",
    "verdict": "bundle/vuln_variant/validation_verdict.json"
  }
}
