### Key Vulnerability Information Summary

**1. Vulnerability Overview**

* **Vulnerability Type**: File Upload Bypass.
* **Detailed Description**: Fixed a flaw in the JSP file upload detection logic. The original mechanism (`isJSPFile`) relied solely on checking whether a filename ends with `.jsp`. Attackers could bypass this check by appending invisible whitespace characters (e.g., spaces, tabs) to the filename, causing `name.endsWith(".jsp")` to fail and enabling the upload of malicious JSP files.
* **Reference ID**: Issue #44140.

**2. Affected Scope**

* **Affected Component**: Apache Commons FileUpload.
* **Affected Files**: `ItemInputStream.java` (core detection logic), `ItemInputStreamTest.java` (test case).

**3. Fix Solution**

* **Core Logic**: Trim whitespace characters from the filename before performing suffix matching, removing leading and trailing whitespace.
* **Code Changes**:
  * **Original Code**: `name.endsWith(".jsp")`
  * **Fixed Code**: `name.trim().endsWith(".jsp")`

**4. Relevant Code Snippets (Patch)**

```java
// ItemInputStream.java

// Before fix
if (name.endsWith(".jsp")) {
    // ...
}

// After fix
if (name.trim().endsWith(".jsp")) {
    // ...
}
```

```java
// ItemInputStreamTest.java (new test case)
@Test
public void testJSPFileUploadWithWhitespacePadding() {
    // Validate that filenames with trailing whitespace are correctly identified as JSP
    // The test confirms the effectiveness of the trim() operation in the detection logic
    // (Implementation details not fully visible in screenshot, but intent is clear)
}
```
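The before and after checks from the snippet above, run over constructed filenames next to a stricter variant that a reviewer of this fix might ask for. This is an added example, not code from Apache Commons FileUpload: the class `JspNameCheckDemo`, its method names and the `strict` helper are assumptions made for illustration.

```java
import java.util.Locale;

// Added example: class and method names are hypothetical, not the project's.
public class JspNameCheckDemo {

    // Check as the page describes it before the fix.
    static boolean beforeFix(String name) {
        return name.endsWith(".jsp");
    }

    // Check as the page describes it after the fix.
    static boolean afterFix(String name) {
        return name.trim().endsWith(".jsp");
    }

    // Stricter variant (assumption): strip every leading/trailing Unicode
    // whitespace or space-separator character, then compare case-insensitively.
    static boolean strict(String name) {
        int start = 0, end = name.length();
        while (start < end && isBlank(name.charAt(start))) start++;
        while (end > start && isBlank(name.charAt(end - 1))) end--;
        return name.substring(start, end).toLowerCase(Locale.ROOT).endsWith(".jsp");
    }

    static boolean isBlank(char c) {
        // String.trim() removes only chars <= U+0020. isWhitespace() and
        // isSpaceChar() together also cover non-ASCII spaces such as U+00A0.
        return c <= ' ' || Character.isWhitespace(c) || Character.isSpaceChar(c);
    }

    public static void main(String[] args) {
        // Constructed sample filenames, not taken from the issue.
        String[] names = {
            "report.jsp", "report.jsp ", "report.jsp\t", " report.jsp",
            "report.jsp\u00A0", "report.JSP", "report.txt"
        };
        System.out.printf("%-20s %-7s %-7s %-7s%n", "name", "before", "after", "strict");
        for (String n : names) {
            // Make the invisible characters visible in the output.
            String shown = n.replace("\t", "\\t").replace("\u00A0", "\\u00A0");
            System.out.printf("%-20s %-7b %-7b %-7b%n",
                "\"" + shown + "\"", beforeFix(n), afterFix(n), strict(n));
        }
    }
}
```

Rows where `after` and `strict` disagree are names that the `trim()`-based check does not classify as JSP, which makes them useful additions to the regression test alongside the space and tab cases.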