Able to steal private files by manipulating response using Auto Reply function of Lark
High
Lark Technologies
Team Summary
Official summary from Lark Technologies
An IDOR (Insecure Direct Object Reference) vulnerability was found within the "AutoReply" functions of Lark. This vulnerability could have allowed malicious users to fetch the files of other users if they knew the specific file ID, which was an alphanumeric value. We thank @imran_nisar for reporting this to our team and confirming its resolution.
Reported by
imran_nisar
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Insecure Direct Object Reference (IDOR)
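
The weakness class named in the team summary, shown as an added example (not Lark's code and not part of the original report): a hypothetical auto-reply service that trusts a client-supplied file ID, beside a version that enforces ownership server-side. All class names, users, file IDs and contents are constructed assumptions.

```python
# Added illustration: a hypothetical in-memory model, not Lark's code or API.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Caller is not authorized for the referenced file."""


@dataclass
class AutoReplyService:
    files: dict = field(default_factory=dict)    # file_id -> (owner, content)
    replies: dict = field(default_factory=dict)  # user -> attached file_id

    def set_auto_reply_vulnerable(self, caller, file_id):
        # IDOR: only checks that the ID exists, never who owns the file.
        if file_id not in self.files:
            raise KeyError(file_id)
        self.replies[caller] = file_id

    def set_auto_reply_hardened(self, caller, file_id):
        # Object-level authorization: caller must own the referenced file.
        # Unknown and foreign IDs fail identically, so the endpoint does not
        # reveal which IDs exist. An unguessable ID is not an access control.
        entry = self.files.get(file_id)
        if entry is None or entry[0] != caller:
            raise Forbidden("file not accessible to caller")
        self.replies[caller] = file_id

    def render_auto_reply(self, user):
        # Content a correspondent receives when the user's auto-reply fires.
        return self.files[self.replies[user]][1]


def demo():
    svc = AutoReplyService()
    # Constructed sample data.
    svc.files["f8Kq2ZxP"] = ("alice", b"alice-private")
    svc.files["m3Tn7LdW"] = ("mallory", b"mallory-notes")

    svc.set_auto_reply_vulnerable("mallory", "f8Kq2ZxP")
    leaked = svc.render_auto_reply("mallory")  # alice's file is served
    try:
        svc.set_auto_reply_hardened("mallory", "f8Kq2ZxP")
        blocked = False
    except Forbidden:
        blocked = True
    return leaked, blocked
```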