[MEDIUM] CVE-2020-26136 GraphQL doesn't honour MFA when using basic auth

PKSA-qjqs-6v6h-ygd5 CVE-2020-26136 GHSA-mg2g-8pwj-r2j2

Affected package: silverstripe/graphql

Affected version: >=3.0.0,<3.5.0|>=4.0.0-alpha1,<4.0.0-alpha2

Reported by:
GitHub, FriendsOfPHP/security-advisories