Legal Robot: Privilege Escalation to Admin-level Account

A security researcher discovered a potentially serious privilege escalation issue in our system which was ultimately traced to our use of the allow-deny package provided in the open source Meteor framework. We implemented a short-term fix using triggers - not great performance on the same day thi...