This repository has been archived by the owner on Dec 30, 2022. It is now read-only.

API giving out files without key

High
parker02311 published GHSA-76mx-6584-4v8q Oct 18, 2021

Package

website.py (Quart)

Affected versions

<=1.0.1

Patched versions

1.0.2

Description

Impact

This vulnerability allowed anyone who had your API URL to retrieve product files without an API key.

Patches

Update to version 1.0.2

Workarounds

In BOT/lib/cogs/website.py, under the route for /v1/products, add @require_apikey.
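To confirm the workaround is in place and that no other route has the same gap, the following added example (not code from this project) statically audits a module for route handlers that lack the guard or list it above the route decorator, where it would wrap the function only after the unguarded one was registered. The sample source and its route paths are constructed; the script assumes routes are declared as `@<object>.route(...)` and that every route should carry `@require_apikey`.

```python
import ast

# Constructed sample standing in for a Quart cog; not the project's real website.py.
SAMPLE = '''
@app.route("/v1/products", methods=["GET"])
async def products():
    return {}

@app.route("/v1/users")
@require_apikey
async def users():
    return {}

@require_apikey
@app.route("/v1/orders")
async def orders():
    return {}
'''

def _name(dec):
    """Return the trailing name of a decorator: 'route' for @app.route(...)."""
    node = dec.func if isinstance(dec, ast.Call) else dec
    return node.attr if isinstance(node, ast.Attribute) else getattr(node, "id", "")

def _path(dec):
    """Return the literal path passed to the route decorator, or '?' if not literal."""
    if isinstance(dec, ast.Call) and dec.args and isinstance(dec.args[0], ast.Constant):
        return dec.args[0].value
    return "?"

def unprotected_routes(source, guard="require_apikey"):
    """List (path, function, reason) for route handlers the guard does not cover."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        names = [_name(d) for d in fn.decorator_list]
        if "route" not in names:
            continue
        path = _path(fn.decorator_list[names.index("route")])
        if guard not in names:
            findings.append((path, fn.name, "missing guard"))
        elif names.index(guard) < names.index("route"):
            # Guard listed above the route: the unwrapped function gets registered.
            findings.append((path, fn.name, "guard above route"))
    return findings

if __name__ == "__main__":
    for finding in unprotected_routes(SAMPLE):
        print(finding)
```

Run it against the real file by passing its contents, for example `unprotected_routes(open("BOT/lib/cogs/website.py").read())`, and fail the build when the list is not empty.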

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2021-41191

Weaknesses

Credits