API Security Blog

Improper Security Check Handling

api-platform/core is vulnerable to Improper Security Check Handling. The vulnerability is due to a missing break statement in the security check logic, caused by a fallback mechanism that replaces the intended security check after GraphQL resolvers. It allows an attacker to bypass intended security restrictions, potentially leading to unauthorized access or privilege…