{
  "repository": "curl/curl",
  "commit_source": "git_rev_parse",
  "commit_sha": "3f00a2f6fa97f7721b65606954aac979dcb6caac",
  "submitted_target": {
    "target_kind": "git_commit",
    "commit_sha": "6e3f8dc1f173b47de9a68516ce4b95bf25598c2f",
    "version": "8.20.0",
    "ref": "curl-8_20_0",
    "display": "curl/curl @ curl-8_20_0 (6e3f8dc1...)"
  },
  "variant_target": {
    "target_kind": "git_commit",
    "commit_sha": "3f00a2f6fa97f7721b65606954aac979dcb6caac",
    "version": "8.21.0",
    "ref": "curl-8_21_0",
    "display": "curl/curl @ curl-8_21_0 (3f00a2f6...)"
  },
  "notes": "The vulnerable build was the project cache at 6e3f8dc1 (curl-8_20_0). The fixed build was bfbff7852f (patch commit). The latest release build was curl-8_21_0 resolved to 3f00a2f6fa97f7721b65606954aac979dcb6caac. All three were exercised by the variant reproduction script."
}
