@blrhc reported that the endpoint for the Report abuse button on Gists was vulnerable to CSRF. We addressed this issue by not allowing GET requests to this endpoint.
Report abuse
GET