{
  "entrypoint_kind": "function_call",
  "entrypoint_detail": "BaseSerialization.deserialize() on crafted airflow_exc_ser payload",
  "service_started": false,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "python",
    "apache-airflow",
    "airflow.serialization.serialized_objects.BaseSerialization"
  ],
  "proof_artifacts": [
    "logs/vuln_variant_reproduction.log",
    "logs/vuln_variant_vulnerable_result.json",
    "logs/vuln_variant_fixed_result.json",
    "vuln_variant/deserialize_harness_exc_ser.py"
  ],
  "notes": "Vulnerable Airflow 3.2.2 and fixed 3.3.0 both imported attacker-controlled module via airflow_exc_ser deserialization; the 3.3.0 fix only removed the base_trigger branch, leaving the exception branch unprotected."
}