MinIO (a widely-used "high-performance, S3 compatible object store" published this advisory, which allows for unauthenticated overwrites of any file.

Their open-source AGPL repository is no longer maintained and no patch has been provided - you must download the closed-source binaries to get the fix.