Access control bypass allows unauthorized file uploads to API/R2 buckets（访问控制权限绕过允许未授权文件上传至API/R2存储桶）

[ithRSpoi]

Chatgpt-web-midjourney-proxy Version - 2.24.5

The website requires permission authentication to allow access, and the control console deletes the front-end restriction code

In gpt-4-all, unauthorized users can upload files directly

POST /openapi/pre_signed POST /openapi/v1/upload

Access control bypass allows unauthorized file uploads to API/R2 buckets, which could be exploited maliciously to consume resources