diff --git a/art-server/art-server-system/src/main/java/com/art/system/controller/FileController.java b/art-server/art-server-system/src/main/java/com/art/system/controller/FileController.java
index 3acb37df..5f6e5e47 100644
--- a/art-server/art-server-system/src/main/java/com/art/system/controller/FileController.java
+++ b/art-server/art-server-system/src/main/java/com/art/system/controller/FileController.java
@@ -86,6 +86,14 @@ public void download(@RequestBody FileDownloadDTO fileDownloadDTO, HttpServletRe
 @GetMapping("/download/{bucket}/{fileName}") public void download(@PathVariable("bucket") String bucket, @PathVariable("fileName") String fileName, HttpServletResponse response) {
+ if (fileName == null) {
+ return ResponseEntity.notFound().build();
+ }
+
+ if (fileName.contains("../")){
+ return ResponseEntity.badRequest().build();
+ }
+
 fileService.getFile(bucket, fileName, response);
 }
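Review bot: The two added guards `return ResponseEntity.notFound().build();` and `return ResponseEntity.badRequest().build();` sit inside a method whose unchanged context line still declares it `public void download(...)`, so this hunk does not compile as written; the status has to go onto the `HttpServletResponse` the method already receives, followed by a bare `return;`. The traversal check itself is also too narrow: `contains("../")` misses `..\`, a bare `..` segment, and a leading `/`, and `bucket` — which is equally attacker-controlled and is passed to `fileService.getFile` alongside `fileName` — is not checked at all; `@PathVariable` values are decoded by Spring before the method runs, so the comparison must be made on the decoded form it sees. The `fileName == null` branch is harmless but unreachable for a required path variable. I cannot see `fileService.getFile`, so if it maps these onto a filesystem path the stronger fix is to resolve and `normalize()` against the base directory there and reject anything that does not `startsWith` it; the controller-side rewrite below is the minimum that compiles and closes the obvious variants.
```java
public void download(@PathVariable("bucket") String bucket, @PathVariable("fileName") String fileName, HttpServletResponse response) {
    // Reject any segment that could escape the bucket: parent refs, backslashes, absolute paths.
    if (!isPlainSegment(bucket) || !isPlainSegment(fileName)) {
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    fileService.getFile(bucket, fileName, response);
}

/** True only for a non-empty path segment with no "..", no path separators of either kind. */
private static boolean isPlainSegment(String segment) {
    return segment != null && !segment.isEmpty()
            && !segment.contains("..")
            && !segment.contains("/")
            && !segment.contains("\\");
}
```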