A rather cleverly named vulnerability allowing JSON-based SQL to bypass a WAF — more details on {JS-ON: Security-OFF} here:

https://t.co/pBYQRj61hZ