Validation
I have received the following vulnerability report. Your job is to be a skeptical reviewer.
For each claimed vulnerability, answer:
1. **Is it real?** Read the actual code. Does the vulnerable code path actually exist as described? Are there mitigations the original analyst missed (bounds checks, sanitizers, wrappers)?
2. **Is it exploitable?** Can an attacker actually reach this code path with controlled input? What are the prerequisites? Is there ASLR/DEP/stack canaries/CFI that would prevent exploitation?
3. **Is the severity correct?** Given the actual exploitability and prerequisites, is the CVSS score appropriate? Adjust if needed.
4. **Is the PoC valid?** Would the described proof-of-concept actually trigger the vulnerability? Are there logical errors in the exploit path description?
Output for each finding:when to use it
Community prompt sourced from the open-source GitHub repo Keyvanhardani/mythos-research (Apache-2.0). A "Validation" style prompt — adapt the placeholders and specifics to your task. Imported as-is and not independently retested here, so check the output before relying on it.
tags
careercommunitygeneral
source
Keyvanhardani/mythos-research · Apache-2.0