CiviCRM versions 5.13.0 and earlier
CiviCRM version 5.13.4 and 5.7.6
In CiviCRM APIv3, a generic action ("getOptions") inappropriately propagated an advanced option ("condition") to a lower level function, which effectively allowed a caller to include arbitary SQL conditions. The "getOptions" API will now ignore the "condition" option.
Upgrade to the latest version of CiviCRM
Coleman Watts of CiviCRM Core Team for reporting the isssue and fixing the issue.