{
  "equivalent": true,
  "reason": "The bypass reaches the same deserialization sink as the parent CVE: BaseSerialization.deserialize() calls import_string() on an attacker-controlled class name read directly from the serialized payload. The only difference is the encoded type tag (airflow_exc_ser instead of base_trigger).",
  "parent_trigger_path": "airflow.serialization.serialized_objects.BaseSerialization.deserialize() with type base_trigger",
  "variant_trigger_path": "airflow.serialization.serialized_objects.BaseSerialization.deserialize() with type airflow_exc_ser",
  "shared_sink": "airflow._shared.module_loading.import_string() invoked in BaseSerialization.deserialize()",
  "trust_boundary": "DAG-author supplied serialized DAG content is loaded by the Scheduler and API Server; the attacker-controlled class name crosses from untrusted DAG content into the trusted control-plane process.",
  "fix_scope_gap": "Apache Airflow 3.3.0 removed the base_trigger branch but left the airflow_exc_ser branch unprotected, so the same root cause remains exploitable.",
  "evidence": "bundle/logs/vuln_variant_reproduction.log shows both Apache Airflow 3.2.2 and 3.3.0 import the attacker-controlled module and execute module-level code when given an airflow_exc_ser payload."
}
