Vulnerability Information
Vulnerability Title
API giving out files without key
Vulnerability Description
Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`.
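A sketch of the workaround, added here as an example and not taken from the project's code: an API-key decorator applied to the `/v1/products` route, plus an audit that lists routes left without it. The route table, the `apikey` header name, the `/v1/status` route, the key and the sample data are all assumptions for illustration; the project's real `@require_apikey` is defined in its own code base.

```python
import hmac
from functools import wraps

API_KEY = "constructed-demo-key"   # constructed value, not from the project
ROUTES = {}                        # path -> handler (stand-in for the framework's route table)

class Unauthorized(Exception):
    """Raised when a request lacks a valid API key."""

def require_apikey(handler):
    """Hypothetical equivalent of the project's @require_apikey decorator."""
    @wraps(handler)
    def guarded(headers):
        supplied = headers.get("apikey", "")   # header name is an assumption
        # Constant-time compare avoids leaking key prefixes through timing.
        if not hmac.compare_digest(supplied.encode(), API_KEY.encode()):
            raise Unauthorized("missing or invalid API key")
        return handler(headers)
    guarded.requires_apikey = True   # marker read by the audit below
    return guarded

def route(path):
    """Register a handler under a path (hypothetical mini router)."""
    def register(handler):
        ROUTES[path] = handler
        return handler
    return register

@route("/v1/products")
@require_apikey                      # the line the workaround adds
def products(headers):
    return ["product-file-a", "product-file-b"]   # constructed sample data

@route("/v1/status")
def status(headers):                 # deliberately public in this sketch
    return "ok"

def unprotected_routes(public=frozenset({"/v1/status"})):
    """Routes that lack the decorator and are not on the public allowlist."""
    return sorted(p for p, h in ROUTES.items()
                  if p not in public and not getattr(h, "requires_apikey", False))

def call(path, headers):
    """Dispatch a request (headers only) to the registered handler."""
    return ROUTES[path](headers)
```

Running `unprotected_routes()` as a test in CI catches a route that ships without the decorator, which is the failure this advisory describes.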
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Improper Encoding or Escaping of Output
Vulnerability Title
Roblox-Purchasing-Hub Security Vulnerability
Vulnerability Description
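Roblox-Purchasing-Hub is a Roblox product purchasing hub. Roblox-Purchasing-Hub has a security vulnerability, which stems from a security risk in versions 1.0.1 and prior that allows people who have someone's API URL to get product files without an API key.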
CVSS Information
N/A
Vulnerability Type
N/A