Authorization bypass vulnerability in Node.JS