websafe-kb/08-threat-intel/registry/runs/undici-undici--CVE-2022-31151-20260318013150.json

{
  "run_id": "undici-undici--CVE-2022-31151-20260318013150",
  "system_id": "undici",
  "advisory_id": "undici--CVE-2022-31151",
  "repro_profile_id": "undici-ssrf",
  "verification_status": "verified-real",
  "verification_mode": "real",
  "artifact_mode": "local-fixture",
  "target_env": "local-docker",
  "compose_services": [
    "app"
  ],
  "baseline_refs": [
    "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150/logs/baseline.json"
  ],
  "attack_steps": [
    {
      "kind": "runner",
      "tool": "undici.ssrf",
      "status": "completed",
      "status_code": 200,
      "result_path": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150/logs/attack.json"
    }
  ],
  "browser_refs": [],
  "browser_evidence": {
    "required": false,
    "present": false,
    "refs": [],
    "baseline_refs": [],
    "proof_refs": [],
    "baseline_title": null,
    "proof_title": null,
    "error_kind": null,
    "reason": null
  },
  "container_log_refs": [
    "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150/logs/docker/app.log"
  ],
  "request_log_refs": [
    "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150/logs/attack.json",
    "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150/logs/baseline.json"
  ],
  "compose_refs": [
    "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150/compose/compose.yaml"
  ],
  "timeline": [
    {
      "at": "2026-03-18T01:31:50+00:00",
      "step": "select-advisory",
      "status": "completed",
      "detail": "undici--CVE-2022-31151"
    },
    {
      "at": "2026-03-18T01:31:50+00:00",
      "step": "resolve-repro-profile",
      "status": "completed",
      "detail": "undici-ssrf"
    },
    {
      "at": "2026-03-18T01:31:51+00:00",
      "step": "doctor",
      "status": "completed",
      "detail": "all checks passed"
    },
    {
      "at": "2026-03-18T01:31:54+00:00",
      "step": "provision-compose-environment",
      "status": "ready",
      "detail": ""
    },
    {
      "at": "2026-03-18T01:31:54+00:00",
      "step": "wait-ready",
      "status": "completed",
      "detail": "baseline urls ready (1)"
    },
    {
      "at": "2026-03-18T01:31:54+00:00",
      "step": "seed-environment",
      "status": "completed",
      "detail": "steps=1"
    },
    {
      "at": "2026-03-18T01:31:54+00:00",
      "step": "baseline-snapshot",
      "status": "completed",
      "detail": "urls=1"
    },
    {
      "at": "2026-03-18T01:31:54+00:00",
      "step": "controlled-attack-chain",
      "status": "completed",
      "detail": "steps=1"
    },
    {
      "at": "2026-03-18T01:31:54+00:00",
      "step": "collect-logs-and-evidence",
      "status": "completed",
      "detail": "container_logs=1"
    },
    {
      "at": "2026-03-18T01:31:55+00:00",
      "step": "cleanup-compose-environment",
      "status": "completed",
      "detail": "docker compose down completed"
    },
    {
      "at": "2026-03-18T01:31:55+00:00",
      "step": "update-registry-and-reports",
      "status": "completed",
      "detail": "undici-undici--CVE-2022-31151-20260318013150"
    }
  ],
  "success_evaluation": {
    "passed": true,
    "verification_status": "verified-real",
    "blocked_reason": null,
    "assertions": [
      {
        "name": "baseline-ok",
        "kind": "baseline-ok",
        "passed": true,
        "detail": "baseline URLs responded without 5xx or transport errors"
      },
      {
        "name": "runner-success",
        "kind": "runner-success",
        "passed": true,
        "detail": "server-side callback reached the local sink"
      }
    ]
  },
  "historical_status": "verified-real",
  "latest_status": "verified-real",
  "started_at": "2026-03-18T01:31:50+00:00",
  "finished_at": "2026-03-18T01:31:55+00:00",
  "blocked_reason": null,
  "report_refs": {
    "bundle_dir": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150",
    "report_md": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150/report.md",
    "report_html": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150/report.html",
    "timeline": "/Users/x/websafe/06-case-studies/generated-runs/undici-undici--CVE-2022-31151-20260318013150/timeline.mmd"
  }
}