Lack of Backend Validation for Uploaded Image Size and Type #31
Comments
|
您好,您的邮件我已收到,谢谢您~
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Lack proper validation for uploaded image files in the backend.
While there is validation in the frontend component "img-box.vue," it is crucial to perform server-side validation as well. This vulnerability allows attackers to upload files of any type and size, potentially leading to XSS attacks or resource exhaustion, which can result in DDoS attacks.
It is recommended to implement server-side validation for uploaded image files, in
ServerResponseEntity<OssVO> com.mall4j.cloud.biz.controller.OssController.uploadFile(@RequestParam(value="file") MultipartFile file) throws IOException. This includes checking the file size and verifying that the file type is allowed (e.g., image/jpeg, image/png). By implementing these validations in the backend, you can prevent the upload of malicious files, mitigate the risk of XSS attacks, and prevent resource consumption that could lead to DDoS attacks.The text was updated successfully, but these errors were encountered: