Roblox · Roblox-Purchasing-Hub · CVE-2021-41191
**Name of the Vulnerable Software and Affected Versions**
Roblox-Purchasing-Hub versions 1.0.1 and prior
**Description**
A security risk in Roblox-Purchasing-Hub allowed individuals with access to someone's API URL to obtain product files without an API key.
**Recommendations**
For versions 1.0.1 and prior, update to version 1.0.2 to resolve the issue.
As a temporary workaround for versions 1.0.1 and prior, consider adding `@require apikey` in `BOT/lib/cogs/website.py` under the route for "/v1/products".