High severity7.5OSV Advisory· Published Oct 15, 2018· Updated Jun 17, 2026
CVE-2018-18315
CVE-2018-18315
Description
com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2lemon-0.8.0, lemon-0.9.0, lemon-1.0.0, …+ 1 more
- (no CPE)range: lemon-0.8.0, lemon-0.9.0, lemon-1.0.0, …
- (no CPE)range: <1.9.0
Patches
Vulnerability mechanics
References
1- github.com/xuhuisheng/lemon/issues/175nvdThird Party Advisory
News mentions
0No linked articles in our index yet.