{"vulnerability": "CVE-2021-41191", "sightings": [{"uuid": "6127b6a6-bcb1-495e-8fbc-841d4b294add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41191", "type": "seen", "source": "https://t.me/cibsecurity/31332", "content": "\u203c CVE-2021-41191 \u203c\n\nRoblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-28T00:16:27.000000Z"}]}