{
  "id": "java-log4j-CVE-2021-44228-log4shell",
  "cve": "CVE-2021-44228",
  "description": "STUB: Replace with accurate description and threat model for the specific CVE/case.",
  "threat_model": {
    "entry_points": [
      "STUB: define concrete inputs"
    ],
    "preconditions": [
      "STUB: feature flags / modules / protocols enabled"
    ],
    "privilege_boundary": [
      "STUB: describe boundary (if any)"
    ]
  },
  "ground_truth": {
    "reachable_variant": {
      "status": "affected",
      "evidence": {
        "symbols": [
          "sym://java:java.c#sink"
        ],
        "paths": [
          [
            "sym://net:handler#read",
            "sym://java:java.c#entry",
            "sym://java:java.c#sink"
          ]
        ],
        "runtime_proof": "traces.runtime.jsonl: lines 1-5"
      }
    },
    "unreachable_variant": {
      "status": "not_affected",
      "justification": "vulnerable_code_not_in_execute_path",
      "evidence": {
        "pruning_reason": [
          "STUB: feature disabled, module absent, or policy denies"
        ],
        "blocked_edges": [
          "sym://java:java.c#entry -> sym://java:java.c#sink"
        ]
      }
    }
  }
}