{
  "repository": "https://github.com/stacklok/toolhive",
  "commit_source": "release_tag_resolution_and_binary_version_metadata",
  "commit_sha": "493d030ed24b8c012db4c5717475a2386f5b72ce",
  "submitted_target": {
    "target_kind": "release_tag",
    "commit_sha": "bc4beddb921523d1f314b82b5b9d4249ee0a605b",
    "version": "0.30.0",
    "ref": "v0.30.0",
    "display": "ToolHive v0.30.0"
  },
  "variant_target": {
    "target_kind": "release_tag",
    "commit_sha": "493d030ed24b8c012db4c5717475a2386f5b72ce",
    "version": "0.31.0",
    "ref": "v0.31.0",
    "display": "ToolHive v0.31.0 fixed release"
  },
  "additional_tested_targets": [
    {
      "target_kind": "release_tag",
      "commit_sha": "116421213382e82016067d32581b61f4fe1ab807",
      "version": "0.38.0",
      "ref": "v0.38.0",
      "display": "ToolHive v0.38.0 latest release tested"
    }
  ],
  "binary_version_artifacts": {
    "vulnerable": "bundle/logs/vuln_variant/vulnerable_version.txt",
    "fixed": "bundle/logs/vuln_variant/fixed_version.txt",
    "latest": "bundle/logs/vuln_variant/latest_version.txt",
    "source_revisions": "bundle/logs/vuln_variant/source_revisions.txt"
  },
  "notes": "The fixed bypass target is the v0.31.0 release binary reporting commit 493d030ed24b8c012db4c5717475a2386f5b72ce. The variant was also reproduced on the v0.38.0 release binary reporting commit 116421213382e82016067d32581b61f4fe1ab807. Source tag resolution was recorded from the prepared project-cache git checkout."
}
