Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.
References
Configurations
History
07 Jan 2026, 20:02
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:redon:roblox_purchasing_hub:*:*:*:*:*:*:*:* | |
| References | () https://github.com/Redon-Tech/Redon-Hub/commit/38cb7c08d4d890e8a1badadbd46f459f06e3cdcd - Patch | |
| References | () https://github.com/Redon-Tech/Redon-Hub/security/advisories/GHSA-3rx8-6453-7q26 - Vendor Advisory | |
| First Time |
Redon roblox Purchasing Hub
Redon |
21 Nov 2024, 09:13
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Redon-Tech/Redon-Hub/commit/38cb7c08d4d890e8a1badadbd46f459f06e3cdcd - | |
| References | () https://github.com/Redon-Tech/Redon-Hub/security/advisories/GHSA-3rx8-6453-7q26 - |
08 Apr 2024, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-04-08 16:15
Updated : 2026-01-07 20:02
NVD link : CVE-2024-31442
Mitre link : CVE-2024-31442
CVE.ORG link : CVE-2024-31442
JSON object : View
Products Affected
redon
- roblox_purchasing_hub
CWE
CWE-276
Incorrect Default Permissions