api-platform/core is vulnerable to Information Disclosure. Resource properties secured with the security
option in the ApiPlatform\Metadata\ApiProperty
attribute could be disclosed to unauthorized users when the option depends on the value of a property of the item. This bug can also hide properties that should be displayed to authorized users.
github.com/advisories/GHSA-vr2x-7687-h6qv
github.com/api-platform/core/commit/5723d68369722feefeb11e42528d9580db5dd0fb
github.com/api-platform/core/releases/tag/v2.7.10
github.com/api-platform/core/releases/tag/v3.0.12
github.com/api-platform/core/releases/tag/v3.1.3
github.com/api-platform/core/security/advisories/GHSA-vr2x-7687-h6qv