{
  "claim_outcome": "confirmed",
  "claim_block_reason": "null",
  "repro_result": "confirmed",
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "claimed_impact_class": "code_execution",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "H2 database connection string in POST /api/ee/database-routing/destination-database details.db",
  "trigger_path": "POST /api/ee/database-routing/destination-database then POST /api/dataset opens the persisted H2 destination",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": true,
  "exploit_chain_demonstrated": true,
  "blocking_mitigation": "Fixed v1.61.2 calls driver/validate-db-details! on destination creation and rejects unsafe H2 details before persistence",
  "inferred": false
}
