CVE-2021-41191

Summary

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @require_apikey in BOT/lib/cogs/website.py under the route for /v1/products.

Affected Software

VendorProductVersion RangeStatus
Redon-TechRoblox-Purchasing-Hub< 1.0.2affected

Weaknesses

  • CWE-116: CWE-116: Improper Encoding or Escaping of Output

ADP Enrichment

CVE Program Container

Additional References

References