VYPR
High severity7.5OSV Advisory· Published Oct 15, 2018· Updated Jun 17, 2026

CVE-2018-18315

CVE-2018-18315

Description

com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • xuhuisheng/LemonOSV2 versions
    lemon-0.8.0, lemon-0.9.0, lemon-1.0.0, …+ 1 more
    • (no CPE)range: lemon-0.8.0, lemon-0.9.0, lemon-1.0.0, …
    • (no CPE)range: <1.9.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.