CVE-2021-41191

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-41191
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41191.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-41191
Related
  • GHSA-76mx-6584-4v8q
Published
2021-10-27T21:15:08Z
Modified
2025-01-15T02:04:30.733178Z
Summary
[none]
Details

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @require_apikey in BOT/lib/cogs/website.py under the route for /v1/products.

References

Affected packages

Git / github.com/redon-tech/roblox-purchasing-hub

Affected ranges

Type
GIT
Repo
https://github.com/redon-tech/roblox-purchasing-hub
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

V0.*

V0.8
V0.9

V1.*

V1.0
V1.0.1
V1.1