ACP2E-1513: Customer suspects IDOR vulnerability

Author: Anna Bukatar

app/code/Magento/QuoteGraphQl/Model/Resolver/RemoveItemFromCart.php

@@ -86,6 +86,8 @@ public function resolve(Field $field, $context, ResolveInfo $info, array $value
         $itemId = $processedArgs['input']['cart_item_id'];
 
         $storeId = (int)$context->getExtensionAttributes()->getStore()->getId();
+        /** Check if the current user is allowed to perform actions with the cart */
+        $this->getCartForUser->execute($maskedCartId, $context->getUserId(), $storeId);
 
         try {
             $this->cartItemRepository->deleteById($cartId, $itemId);