Vulnerability Description
Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`.
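The workaround above depends on where the decorator sits relative to the route line. The following is an added example, not code from the Roblox-Purchasing-Hub repository: a framework-free sketch of an unguarded route, the guarded form, and a startup audit that lists routes registered without the guard. The `route` registry, the `apikey` header name, the key value, and every path except `/v1/products` are assumptions made for illustration.

```python
import functools
import hmac

API_KEY = "constructed-example-key"  # constructed sample value, not a real key
ROUTES = {}                          # hypothetical route table: path -> handler

def route(path):
    """Hypothetical stand-in for a web framework's route decorator."""
    def register(handler):
        ROUTES[path] = handler       # whatever is passed in here is what gets served
        return handler
    return register

def require_apikey(handler):
    """Reject requests whose 'apikey' header (assumed name) does not match."""
    @functools.wraps(handler)
    def guarded(headers):
        supplied = headers.get("apikey", "")
        if not hmac.compare_digest(supplied.encode(), API_KEY.encode()):
            return 401, {"error": "missing or invalid API key"}
        return handler(headers)
    guarded.requires_apikey = True   # marker used by the audit below
    return guarded

@route("/v1/products")               # before the fix: no guard at all
def products(headers):
    return 200, {"products": ["constructed-product"]}

@route("/v1/products_fixed")         # hypothetical path: guard placed under the route line
@require_apikey
def products_fixed(headers):
    return 200, {"products": ["constructed-product"]}

@require_apikey                      # wrong order: the raw handler is registered first,
@route("/v1/products_misordered")    # so the guard never sees a request
def products_misordered(headers):
    return 200, {"products": ["constructed-product"]}

def dispatch(path, headers):
    return ROUTES[path](headers)

def unguarded_routes(prefix="/v1/"):
    """Audit: registered routes under prefix that lack the API-key marker."""
    return sorted(p for p, h in ROUTES.items()
                  if p.startswith(prefix) and not getattr(h, "requires_apikey", False))

if __name__ == "__main__":
    print("unguarded:", unguarded_routes())
```

Running an audit like `unguarded_routes()` in a test suite catches both the missing decorator and the misordered one before release.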
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redon | Roblox Purchasing Hub | < 1.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/Redon-Tech/Roblox-Purchasing-Hub/commit/58a22260eca40b1a0377d (Patch, Third Party Advisory)
- https://github.com/Redon-Tech/Roblox-Purchasing-Hub/releases/tag/V1.0.2 (Release Notes, Third Party Advisory)
- https://github.com/Redon-Tech/Roblox-Purchasing-Hub/security/advisories/GHSA-76m (Third Party Advisory)
FAQ
What is CVE-2021-41191?
CVE-2021-41191 is a vulnerability with a CVSS score of 7.5 (HIGH). Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. Th...
How severe is CVE-2021-41191?
CVE-2021-41191 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41191?
Check the references section above for vendor advisories and patch information. Affected products include: Redon Roblox Purchasing Hub.