PT-2024-24079 · Roblox · Redon Hub

Pulse-Design · Published 2024-04-08 · Updated 2026-01-07 · CVE-2024-31442

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Redon Hub versions prior to 1.0.2

Description

The issue affects Redon Hub, a Roblox Product Delivery Bot. In affected versions, all commands can be executed by all users, including admin commands. This allows users to receive products for free and perform actions such as deleting, creating, or updating products, tags, etc. The only command that is not affected is /products admin clear, as it was already restricted to bot owners. Users can upgrade to version 1.0.2 to receive a patch.

Recommendations

For versions prior to 1.0.2, upgrade to version 1.0.2 to receive a patch. As a temporary workaround, consider restricting access to admin commands until the patch is applied. Avoid using vulnerable commands, except for the /products admin clear command, which is already secure.

Exploit

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2024-31442
GHSA-3RX8-6453-7Q26

Affected Products

Redon Hub