{
  "steps": [
    {
      "kind": "runner",
      "tool": "nextjs.authz-bypass",
      "status": "completed",
      "status_code": 200,
      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/nextjs-nextjs--CVE-2024-51479-20260318012913/logs/attack.json"
    }
  ],
  "success": true,
  "detail": "server-side authorization recheck was bypassed",
  "before": {
    "status_code": 403,
    "ok": false,
    "body": {
      "ok": false,
      "detail": "admin boundary still enforced"
    }
  },
  "attack": {
    "status_code": 200,
    "ok": true,
    "body": {
      "ok": true,
      "detail": "server-side authorization recheck was bypassed",
      "case_id": "nextjs--CVE-2024-51479"
    }
  },
  "after": {
    "status_code": 200,
    "ok": true,
    "body": {
      "ok": true,
      "detail": "server-side authorization recheck was bypassed",
      "case_id": "nextjs--CVE-2024-51479"
    }
  },
  "proof": {
    "status_code": 200,
    "ok": true,
    "body": {
      "success": true,
      "detail": "server-side authorization recheck was bypassed",
      "case_id": "nextjs--CVE-2024-51479",
      "sink_hits": 0,
      "uploads": [],
      "events": [
        {
          "event": "seed",
          "detail": "nextjs--CVE-2024-51479"
        },
        {
          "event": "attack",
          "detail": "server-side authorization recheck was bypassed"
        }
      ]
    }
  },
  "assertions": [
    {
      "name": "proof-success",
      "kind": "runner-proof",
      "passed": true,
      "detail": "server-side authorization recheck was bypassed"
    }
  ]
}