https://unaaldia.hispasec.com/2022/12/vulnerabilidad-confused-deputy-aws-appsync.html