Register an ordinary user arbitrarily, and upload the avatar
The front-end restricts the file type, and can only upload image-type files
You can modify the suffix of the malicious file to jpg and then modify it back through packet capture
repair suggestion
-The backend increases the inspection of file types and uses whitelist filtering
Filter with blacklist
The text was updated successfully, but these errors were encountered:
Affected versions:v3.1.1
The steps to reproduce
Register an ordinary user arbitrarily, and upload the avatar


The front-end restricts the file type, and can only upload image-type files
You can modify the suffix of the malicious file to jpg and then modify it back through packet capture
repair suggestion
-The backend increases the inspection of file types and uses whitelist filtering
The text was updated successfully, but these errors were encountered: