Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.Referenceshttps://blog.gitea.com/release-of-1.23.0/https://github.com/go-gitea/gitea/releases/tag/v1.23.0https://github.com/go-gitea/gitea/pull/32151
