CVE-2023-38388

Name of the Vulnerable Software and Affected Versions JupiterX Core versions 3.3.5 and earlier

Description The issue is related to an Unrestricted Upload of File with Dangerous Type, allowing unauthenticated arbitrary file upload. This can be exploited through an API endpoint, although the specific endpoint is not mentioned. The filename and filetype variables may be relevant in this context, but exact details are not provided. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For JupiterX Core versions 3.3.5 and earlier, update to a version later than 3.3.5 to resolve the issue. As a temporary workaround, consider restricting access to file upload functionality until a patch is available. Avoid using the file upload feature in the affected API endpoint until the issue is resolved.