GHSA-GGGM-66RH-PP98 Incorrect Permission Checking for GraphQL Subscriptions
Summary CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Access to information you should not have access to when the permissions rely on $CURRENTUSER for filtering. Details The permission filters i.e. usercreated IS $CURRENTUSER are not properly checked when using GraphQL...