Improper Permission Checks
Description
directus is vulnerable to Improper Permission Checks. The vulnerability exists because permission filters such as `user_created IS $CURRENT_USER` are not properly checked in the library when using a GraphQL subscription, allowing an attacker to receive subscription events for which they do not have permissions, leading to information disclosure.
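The following added example is a simplified model of subscription fan-out, not directus source code. It contrasts a dispatcher that checks only collection-level access with one that also evaluates the per-item filter for each subscriber. The function names, the `{ field: { _eq: value } }` rule shape and the sample data are assumptions constructed for illustration.

```javascript
// Simplified model of subscription event delivery (assumed design, not directus code).

// Resolve the dynamic "$CURRENT_USER" value against the subscriber receiving the event.
function resolveFilter(filter, subscriber) {
  const resolved = {};
  for (const [field, cond] of Object.entries(filter)) {
    resolved[field] = cond._eq === '$CURRENT_USER' ? subscriber.userId : cond._eq;
  }
  return resolved;
}

// True only if every filtered field on the item matches the resolved value.
function itemAllowed(item, filter, subscriber) {
  const resolved = resolveFilter(filter, subscriber);
  return Object.entries(resolved).every(([field, value]) => item[field] === value);
}

// Weak: checks that the role has a rule for the collection, but never applies its filter.
function dispatchUnfiltered(event, subscribers, permissions) {
  return subscribers
    .filter((s) => permissions[s.role]?.[event.collection] !== undefined)
    .map((s) => ({ to: s.userId, item: event.item }));
}

// Corrected: evaluates the item-level filter per subscriber for every event.
function dispatchFiltered(event, subscribers, permissions) {
  return subscribers
    .filter((s) => {
      const rule = permissions[s.role]?.[event.collection];
      return rule !== undefined && itemAllowed(event.item, rule.filter, s);
    })
    .map((s) => ({ to: s.userId, item: event.item }));
}

// Constructed sample data: members may read only the notes they created.
const permissions = {
  member: { notes: { filter: { user_created: { _eq: '$CURRENT_USER' } } } },
};
const subscribers = [
  { userId: 'alice', role: 'member' },
  { userId: 'bob', role: 'member' },
  { userId: 'carol', role: 'guest' }, // no rule for "notes" at all
];
const event = {
  collection: 'notes',
  item: { id: 1, user_created: 'alice', body: 'private' },
};
```

A regression test for this class of bug subscribes as two different users and asserts that an item created by one is never delivered to the other.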