CVE-2021-28661
packagist/silverstripe/secureassets
Incorrect Authorization
Default SilverStripe GraphQL Server (aka silverstripe/graphql) permission checker is not inherited by query subclass.
All versions starting from 3.0.0 before 3.5.2
Upgrade to version 3.5.2 or above.
2021-10-18
source |