cvedb.io
CVE-2021-41191
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2021-10-27T21:15:08.133 · Last modified 2026-06-17T04:08:03.820

Summary

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`.

Affected products

redon — roblox_purchasing_hub

Does this affect you?

Add your gear to cvedb and we'll alert you only when redon ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.