Glassyamadeus

**Name of the Vulnerable Software and Affected Versions** JFinal cos before 2019-08-13 JFinal version 4.4 **Description** The issue allows bypassing the `isSafeFile()` function, enabling the upload of any file type. For instance, a `.jsp` file can be uploaded, stored, and potentially deleted immediately, but certain exceptions may prevent this deletion. **Recommendations** For JFinal cos before 2019-08-13, consider updating to a version released after 2019-08-13 to address the issue. For JFinal version 4.4, consider updating to a version that incorporates the fix for the `isSafeFile()` function bypass vulnerability.