@harishkumar0394 reported a direct object reference vulnerability that could have allowed an attacker to change the logo for any OAuth application. GitHub allows OAuth applications to customize their logo by uploading an image. However, this endpoint failed to verify that the uploader had permission to administer the referenced OAuth application. We addressed this by adding the missing authorization check for this endpoint.