This repository is a synthetic demo target for Endor Labs EXPOSURE.
- The current state is deliberately vulnerable (HOT). EXPOSURE will report a HOT verdict against it.
- Tracked CVE: CVE-2021-23797 (no upstream fix; mitigated only via a compensating control).
- A demo PR opened by EXPOSURE swaps the canonical configuration file for a hardened variant that breaks the exploit chain — without upgrading the vulnerable dependency.
- The customer effort to apply the fix is one click (review + merge).
This repo is not a production application. It exists only to anchor the EXPOSURE "click → real PR opens" demo against a real GitHub repository.