MinIO (a widely-used "high-performance, S3 compatible object store" published this advisory, which allows for unauthenticated overwrites of any file.
Their open-source AGPL repository is no longer maintained and no patch has been provided - you must download the closed-source binaries to get the fix.
This is the write up from my first Google vulnerability which exposed a whole bunch of call logs. It was a fun thing to discover and a nice reminder that even Google isn't infallible to these sorts of breaches.
* It is illegal for a platform to provide children with a social media account, not for the child to create an account. Circumvention of this by the child is not illegal.
* No grandfathering - all accounts under 16 once this takes effect (which won't be until this time next year at earliest) must be deactivated.
* Maximum fine (per instance?) is 50 million AUD (about 32 million USD)
* The legislation is vague on the technical details, although it does specifically mandate that platforms cannot use government-issued ID of any kind (including digital ID).
Their open-source AGPL repository is no longer maintained and no patch has been provided - you must download the closed-source binaries to get the fix.