Unrated severityNVD Advisory· Published Oct 27, 2021· Updated Aug 4, 2024

API giving out files without key

CVE-2021-41191

Description

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @require_apikey in BOT/lib/cogs/website.py under the route for /v1/products.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Redon-Tech/Roblox-Purchasing-Hubllm-create2 versions
<=1.0.1+ 1 more
- (no CPE)range: <=1.0.1
- (no CPE)range: < 1.0.2

Patches

Vulnerability mechanics

References

github.com/Redon-Tech/Roblox-Purchasing-Hub/commit/58a22260eca40b1a0377daf61ccd8c4dc1440e03mitrex_refsource_MISC
github.com/Redon-Tech/Roblox-Purchasing-Hub/releases/tag/V1.0.2mitrex_refsource_MISC
github.com/Redon-Tech/Roblox-Purchasing-Hub/security/advisories/GHSA-76mx-6584-4v8qmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000