
Able to steal private files by manipulating response using Compose Email function of Lark

High
Lark Technologies

Team Summary

Official summary from Lark Technologies

An IDOR (Insecure Direct Object Reference) vulnerability was found within the "Compose Email" functions of Lark. This vulnerability could have allowed malicious users to fetch the files of other users if they knew the specific file ID, which was an alphanumeric value. We thank @imran_nisar for reporting this to our team and confirming its resolution.

Reported by imran_nisar

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Insecure Direct Object Reference (IDOR)