{
  "stage": "vuln_variant",
  "claim_outcome": "confirmed",
  "variant_outcome": "bypass_confirmed",
  "repro_result": "confirmed_on_fixed_version",
  "claim_block_reason": null,
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "code_execution",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "malicious H2 JDBC URL (jdbc:h2:mem:<rand>;INIT=CREATE ALIAS EXEC AS '...ProcessBuilder(\"id > marker\")...';CALL EXEC()) supplied unauthenticated via testConnection API as the Paimon catalog 'uri' property with catalog-backend=jdbc and jdbc-driver=org.h2.Driver",
  "trigger_path": "POST /api/metalakes/{metalake}/catalogs/testConnection (provider=lakehouse-paimon, unauthenticated) -> CatalogManager.testConnection -> BaseCatalog.ops() -> PaimonCatalogOperations.initialize -> PaimonCatalogOps.<init> -> CatalogUtils.loadCatalogBackend[WithSimpleAuth] -> checkPaimonConfig(Class.forName(org.h2.Driver)) -> Paimon CatalogFactory.createCatalog -> org.apache.paimon.jdbc.JdbcCatalogFactory.create -> org.apache.paimon.jdbc.JdbcCatalog.<init> -> DriverManager.getConnection(uri) -> H2 driver opens connection and runs INIT -> CREATE ALIAS compiles+executes Java -> ProcessBuilder runs OS command",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": true,
  "exploit_chain_demonstrated": true,
  "is_bypass": true,
  "bypass_of_fix_commit": "5daabcd0e8ddc96e25bd6c6ce7b153cdb311c3f2",
  "bypass_of_fix_cherry_pick": "84d3de9c7c436fbdac72b5f7a1163e65e0580fe2",
  "fixed_version_tested": "1.2.1",
  "fixed_version_commit": "e88bffcfc31b7a656c960245b63b1e4c4901b8ee",
  "vulnerable_version_tested": "1.2.0",
  "vulnerable_version_commit": "1c1665f05e24f69833bcedfb0e6dc6b477f95dc4",
  "fixed_version_marker_created": true,
  "fixed_version_datasourceutils_block_fired": false,
  "blocking_mitigation": null,
  "inferred": false,
  "notes": "The official fix only adds an H2 URL/driver block to DataSourceUtils.createDataSource(), used by the relational JDBC catalogs. The lakehouse-paimon provider with catalog-backend=jdbc opens the JDBC connection via Paimon's own JdbcCatalog (DriverManager.getConnection(uri)), never calling DataSourceUtils, so the block is bypassed. H2 driver is reachable because IsolatedClassLoader treats org.h2.* as a shared (server) class and the server bundles libs/h2-1.4.200.jar. RCE confirmed on the FIXED 1.2.1 server (marker file written by attacker OS command) in two independent script runs."
}
