The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization.