GHSA-WXWM-3FXV-MRVX Directus: GraphQL Schema SDL Disclosure Setting

Summary When GRAPHQLINTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries schema, type. However, the serverspecsgraphql resolver on the /graphql/system endpoint returns an equivalent SDL representation of the schema and was not subject to the same...