Ruby/grape/0.11.0


A Ruby framework for rapid API development with great conventions.

https://rubygems.org/gems/grape
MIT

2 Security Vulnerabilities

grape subject to Cross-site Scripting

Published date: 2018-08-13T20:45:32Z
CVE: CVE-2018-3769

The grape rubygem suffers from a cross-site scripting (XSS) vulnerability via the format parameter.

Affected versions: ["1.0.3", "1.0.2", "1.0.1", "1.0.0", "0.19.2", "0.19.1", "0.19.0", "0.18.0", "0.17.0", "0.16.2", "0.16.1", "0.15.0", "0.14.0", "0.13.0", "0.12.0", "0.11.0", "0.10.1", "0.10.0", "0.9.0", "0.8.0", "0.7.0", "0.6.1", "0.6.0", "0.5.0", "0.4.1", "0.4.0", "0.3.2", "0.3.1", "0.3.0", "0.2.6", "0.2.5", "0.2.4", "0.2.3", "0.2.2", "0.2.1.1", "0.2.1", "0.2.0", "0.1.5", "0.1.4", "0.1.3", "0.1.1", "0.1.0", "0.0.0.alpha.2", "0.0.0.alpha.1"]
Secure versions: [1.5.0, 1.4.0, 1.3.3, 1.3.2, 1.3.1, 1.3.0, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.8.0, 2.0.0]
Recommendation: Update to version 2.0.0.

ruby-grape Gem has XSS via "format" parameter

Published date: 2018-05-23
CVE: CVE-2018-3769
CVSS V3: 6.1

When a GET request to the API contains the format parameter, the value of that parameter is rendered unescaped into the response, which the web server serves with a text/html Content-Type header.

Example: http://example.com/api/endpoint?format=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Affected versions: ["1.0.3", "1.0.2", "1.0.1", "1.0.0", "0.19.2", "0.19.1", "0.19.0", "0.18.0", "0.17.0", "0.16.2", "0.16.1", "0.15.0", "0.14.0", "0.13.0", "0.12.0", "0.11.0", "0.10.1", "0.10.0", "0.9.0", "0.8.0", "0.7.0", "0.6.1", "0.6.0", "0.5.0", "0.4.1", "0.4.0", "0.3.2", "0.3.1", "0.3.0", "0.2.6", "0.2.5", "0.2.4", "0.2.3", "0.2.2", "0.2.1.1", "0.2.1", "0.2.0", "0.1.5", "0.1.4", "0.1.3", "0.1.1", "0.1.0", "0.0.0.alpha.2", "0.0.0.alpha.1"]
Secure versions: [1.5.0, 1.4.0, 1.3.3, 1.3.2, 1.3.1, 1.3.0, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.8.0, 2.0.0]
Recommendation: Update to version 2.0.0.

67 Other Versions

Version        License  Security  Released             Age
2.0.0          MIT                2023-11-11 - 14:48   5 months
1.8.0          MIT                2023-08-30 - 23:30   7 months
1.7.1          MIT                2023-05-14 - 20:21   11 months
1.7.0          MIT                2022-12-20 - 15:24   over 1 year
1.6.2          MIT                2021-12-30 - 18:02   about 2 years
1.6.1          MIT                2021-12-28 - 14:19   about 2 years
1.6.0          MIT                2021-10-04 - 11:29   over 2 years
1.5.3          MIT                2021-03-07 - 21:52   about 3 years
1.5.2          MIT                2021-02-06 - 10:57   about 3 years
1.5.1          MIT                2020-11-15 - 13:28   over 3 years
1.5.0          MIT                2020-10-05 - 12:25   over 3 years
1.4.0          MIT                2020-07-10 - 19:01   over 3 years
1.3.3          MIT                2020-05-23 - 06:20   almost 4 years
1.3.2          MIT                2020-04-12 - 07:49   almost 4 years
1.3.1          MIT                2020-03-11 - 19:39   about 4 years
1.3.0          MIT                2020-01-11 - 08:27   about 4 years
1.2.5          MIT                2019-12-01 - 16:19   over 4 years
1.2.4          MIT                2019-06-13 - 10:49   almost 5 years
1.2.3          MIT                2019-01-16 - 17:52   about 5 years
1.2.2          MIT                2018-12-07 - 15:57   over 5 years
1.2.1          MIT                2018-11-28 - 18:15   over 5 years
1.2.0          MIT                2018-11-26 - 15:19   over 5 years
1.1.0          MIT                2018-08-04 - 16:56   over 5 years
1.0.3          MIT      2         2018-04-23 - 23:36   almost 6 years
1.0.2          MIT      2         2018-01-10 - 22:03   about 6 years
1.0.1          MIT      2         2017-09-08 - 17:40   over 6 years
1.0.0          MIT      2         2017-07-03 - 20:02   over 6 years
0.19.2         MIT      2         2017-04-12 - 05:16   almost 7 years
0.19.1         MIT      2         2017-01-09 - 16:25   about 7 years
0.19.0         MIT      2         2016-12-19 - 00:37   over 7 years
0.18.0         MIT      2         2016-10-06 - 21:23   over 7 years
0.17.0         MIT      2         2016-07-29 - 20:20   over 7 years
0.16.2         MIT      2         2016-04-11 - 20:35   almost 8 years
0.16.1         MIT      2         2016-04-02 - 18:53   almost 8 years
0.15.0         MIT      2         2016-03-08 - 19:31   about 8 years
0.14.0         MIT      2         2015-12-07 - 19:38   over 8 years
0.13.0         MIT      2         2015-08-10 - 18:56   over 8 years
0.12.0         MIT      2         2015-06-18 - 12:58   almost 9 years
0.11.0         MIT      2         2015-02-23 - 15:32   about 9 years
0.10.1         MIT      2         2014-12-28 - 15:31   about 9 years
0.10.0         MIT      2         2014-12-19 - 19:31   over 9 years
0.9.0          MIT      2         2014-08-27 - 12:10   over 9 years
0.8.0          MIT      2         2014-07-10 - 14:21   over 9 years
0.7.0          MIT      2         2014-04-02 - 17:04   almost 10 years
0.6.1          MIT      2         2013-10-19 - 20:02   over 10 years
0.6.0          MIT      2         2013-09-16 - 13:41   over 10 years
0.5.0          MIT      2         2013-06-14 - 17:50   almost 11 years
0.4.1          MIT      2         2013-04-01 - 13:00   almost 11 years
0.4.0          MIT      2         2013-03-17 - 17:35   about 11 years
0.3.2          MIT      2         2013-03-01 - 01:59   about 11 years
0.3.1          MIT      2         2013-02-25 - 20:44   about 11 years
0.3.0          MIT      2         2013-02-21 - 15:11   about 11 years
0.2.6          MIT      2         2013-01-11 - 14:28   about 11 years
0.2.5          MIT      2         2013-01-11 - 01:26   about 11 years
0.2.4          MIT      2         2013-01-06 - 21:53   about 11 years
0.2.3          MIT      2         2012-12-24 - 20:27   over 11 years
0.2.2          UNKNOWN  2         2012-10-12 - 15:06   over 11 years
0.2.1.1        MIT      2         2013-01-11 - 20:50   about 11 years
0.2.1          UNKNOWN  2         2012-07-13 - 17:14   over 11 years
0.2.0          UNKNOWN  2         2012-03-28 - 23:45   almost 12 years
0.1.5          UNKNOWN  2         2011-07-15 - 03:27   over 12 years
0.1.4          UNKNOWN  2         2011-04-08 - 05:33   almost 13 years
0.1.3          UNKNOWN  2         2011-01-10 - 18:11   about 13 years
0.1.1          UNKNOWN  2         2010-11-14 - 17:15   over 13 years
0.1.0          UNKNOWN  2         2010-11-13 - 20:20   over 13 years
0.0.0.alpha.1  UNKNOWN  2         2010-08-27 - 06:06   over 13 years
0.0.0.alpha.2  UNKNOWN  2         2010-08-31 - 02:28   over 13 years