A Confused Deputy Vulnerability in AWS AppSync | Dark Hacker News