Description
com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.
Remediation
References
https://github.com/xuhuisheng/lemon/issues/175
Related Vulnerabilities
CVE-2023-25762 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-build-step
CVE-2014-10064 Vulnerability in npm package qs
CVE-2021-23450 Vulnerability in npm package dojo
CVE-2022-25869 Vulnerability in maven package org.webjars.bower:angular
CVE-2022-43433 Vulnerability in maven package io.jenkins.plugins:screenrecorder