GHSA-fc3h-92p8-h36f: Unauthenticated File Upload in Gogs
medium vulnerability
security
Summary
Gogs, a self-hosted Git service, has a vulnerability where anyone can upload files without logging in if the RequireSigninView setting is disabled (which is the default). Attackers can upload arbitrary files to the server by obtaining a CSRF token (a security token to prevent cross-site request forgery) from the homepage and using it with the /issues/attachments or /releases/attachments endpoints, potentially filling up disk space, hosting malware, or abusing the server as a public file storage service.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Sophistication: Trivial
Affected Packages
gogs.io/gogs@< 0.14.1 (fixed: 0.14.1)
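An exposure check built from the two conditions above (version below 0.14.1, sign-in requirement disabled), added here as an example and not taken from the advisory or from Gogs. It assumes the setting is spelled REQUIRE_SIGNIN_VIEW under [auth] or [service] in app.ini; the sample configs are constructed.

```python
import configparser
import re

FIXED = (0, 14, 1)  # first fixed release named in the advisory

# Constructed sample app.ini contents (not taken from any real deployment).
SAMPLE_DEFAULT = "RUN_USER = git\n[server]\nHTTP_PORT = 3000\n"
SAMPLE_LOCKED = "RUN_USER = git\n[auth]\nREQUIRE_SIGNIN_VIEW = true\n"


def parse_version(text):
    """Turn '0.14.0', 'v0.13.3' or '0.14.0+dev' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())


def signin_required(app_ini_text):
    """True if app.ini enables the sign-in requirement; absent means disabled."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # app.ini may start with keys outside any section; give them a home.
    cp.read_string("[DEFAULT]\n" + app_ini_text)
    # Assumption: the key is REQUIRE_SIGNIN_VIEW under [auth] or [service].
    return any(
        cp.getboolean(section, "REQUIRE_SIGNIN_VIEW", fallback=False)
        for section in ("auth", "service")
    )


def assess(version, app_ini_text):
    """Classify one instance as 'patched', 'mitigated' or 'exposed'."""
    if parse_version(version) >= FIXED:
        return "patched"
    if signin_required(app_ini_text):
        return "mitigated"  # advisory's precondition not met; upgrade still due
    return "exposed"


if __name__ == "__main__":
    for ver, ini in [("0.13.3", SAMPLE_DEFAULT), ("0.13.3", SAMPLE_LOCKED),
                     ("0.14.1", SAMPLE_DEFAULT)]:
        print(ver, assess(ver, ini))
```

A result of "mitigated" means only that the condition named in the summary is absent; the instance is still below the fixed release.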
Original source: https://github.com/advisories/GHSA-fc3h-92p8-h36f
First tracked: February 17, 2026 at 02:12 PM
Classified by LLM (prompt v3) · confidence: 95%