Description
com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.
Remediation
References
https://github.com/xuhuisheng/lemon/issues/175
Related Vulnerabilities
CVE-2018-3721 Vulnerability in maven package org.webjars:lodash
CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-widget
CVE-2021-46363 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2022-31147 Vulnerability in maven package org.webjars.npm:jquery-validation
CVE-2020-26245 Vulnerability in npm package systeminformation