Symfony · Api Platform · CVE-2019-1000011
Name of the Vulnerable Software and Affected Versions:
API Platform versions 2.2.0 through 2.3.5
Description:
An Incorrect Access Control vulnerability in GraphQL delete mutations allows a user who is authorized to delete a resource to delete any resource. Exploiting it requires that the user be authorized.
Recommendations:
For API Platform versions 2.2.0 through 2.3.5, update to version 2.3.6 to resolve the issue.