Project

General

Profile

Actions
Copy link

Bug #44

open

Epic #25: Malicious File Upload Prevention

Story #28: Block Malicious Filenames (Double Extension, Null Byte, Meta Characters)

Validate actual file content, not just extension or MIME.

Added by rashmita rout about 2 months ago.

Status:
New
Priority:
Medium
Assignee:
Ankit Tiwari
Target version:
-
Start date:
01/07/2026
Due date:
% Done:

0%

Estimated time:
Work Type:
Bug Fix
Technical Area:
Bug Origin:
Sprint
Customer Impact:
Planned Sprint:
Completed In Sprint:
Spillover Reason:
Deployment Reference URL:

Description

If a corrupted file is changed with acceptable file extension then it should not accept at FE. shell.php renamed as image.jpg bypasses validation.

Please find the below link for reference:-
https://thehigherpitch-my.sharepoint.com/:v:/p/rashmita_rout/IQA78SvwLrlVQKQBsQsUQPgJAXdNbh6FUJnNrlAxp2xJQgI?e=55fSvZ

No data to display

Actions
Copy link

Also available in: Atom PDF