Redon

redon

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Roblox Purchasing Hub

roblox_purchasing_hub

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-31442 1Redon 1Roblox Purchasing Hub Jan 7, 2026 Apr 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for f...Show more Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.Show less
CVE-2021-41191 1Redon 1Roblox Purchasing Hub Nov 21, 2024 Oct 27, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in...Show more Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-31442

1Redon

1Roblox Purchasing Hub

Jan 7, 2026

Apr 8, 2024

N/A· v4

8.8 HIGH· v3

N/A· v2

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.Show less

CVE-2021-41191

1Redon

1Roblox Purchasing Hub

Nov 21, 2024

Oct 27, 2021

N/A· v4

7.5 HIGH· v3

5.0 MEDIUM· v2

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`.Show less