diff --git a/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SFTPUtil.java b/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SFTPUtil.java
index 2451596f..b11ee776 100644
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SFTPUtil.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SFTPUtil.java
@@ -2,6 +2,7 @@ package org.jeecg.common.util;
 import com.jcraft.jsch.*;
 import org.jeecg.common.constant.SymbolConstant;
+import org.jeecg.common.util.filter.StrAttackFilter;
 import org.jeecg.common.util.text.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -191,7 +192,7 @@ public class SFTPUtil {
 }
 String fileName = null;
 // 获取文件名
- String orgName = file.getOriginalFilename();
+ String orgName = StrAttackFilter.filter(file.getOriginalFilename());
 orgName = CommonUtils.getFileName(orgName);
 if(orgName.indexOf(SymbolConstant.SPOT)!=-1){
 fileName = orgName.substring(0, orgName.lastIndexOf(".")) + "_" + System.currentTimeMillis() + orgName.substring(orgName.lastIndexOf("."));
diff --git a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java
index f6c302f9..521095a7 100644
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java
@@ -15,6 +15,7 @@ import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.util.*;
 import org.jeecg.common.util.filter.FileTypeFilter;
+import org.jeecg.common.util.filter.StrAttackFilter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
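Review bot: In the SFTPUtil.java hunk at `-191,7`, the result of `file.getOriginalFilename()` is handed to `StrAttackFilter.filter(...)` and then dereferenced by `orgName.indexOf(SymbolConstant.SPOT)` with no null check visible in the hunk, although Spring documents `MultipartFile.getOriginalFilename()` as nullable. `StrAttackFilter` is not shown in this diff, so whether it tolerates null input cannot be confirmed here; the upload should be rejected before the filter call when the name is null, and again if the filtered name comes back empty. The CommonController.java hunk at `-183,7` has the same ordering problem: its existing `if (orgName != null)` test now runs only after the filter has already received the value, so the call belongs inside that check, e.g. `orgName = CommonUtils.getFileName(StrAttackFilter.filter(orgName));`. Both enclosing methods start and end outside their hunks.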
@@ -183,7 +184,7 @@ public class CommonController {
 }
 // 获取文件名
 if(fileName == null){
- String orgName = mf.getOriginalFilename();
+ String orgName = StrAttackFilter.filter(mf.getOriginalFilename());
 if (orgName != null) {
 orgName = CommonUtils.getFileName(orgName);
 if(orgName.contains(SymbolConstant.SPOT)){
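Review bot: The `orgName.contains(SymbolConstant.SPOT)` test at the end of this hunk only behaves as before if `StrAttackFilter.filter` leaves `.` in the name, and nothing at the call site states what the filter removes. The filter's implementation is not part of this diff; if its character set includes the dot, uploads would lose their suffix here and in the SFTPUtil.java hunk, and any later check that relies on the stored extension would presumably see none. A comment above the call, such as `// Client-supplied name: strip attack characters before building the storage path; '.' must survive for the suffix logic below`, would document the contract. A unit test that feeds a multi-dot name like `report.final.pdf` (constructed example) through the filter would pin it.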