Ruby/grape/0.7.0
A Ruby framework for rapid API development with great conventions.
     
https://rubygems.org/gems/grape

License: MIT
    
  
2 Security Vulnerabilities
grape subject to Cross-site Scripting
Published date: 2018-08-13T20:45:32Z
  
CVE: CVE-2018-3769

Links:

- https://nvd.nist.gov/vuln/detail/CVE-2018-3769
- https://github.com/advisories/GHSA-f599-5m7p-hcpf
- https://github.com/ruby-grape/grape/issues/1762
- https://github.com/ruby-grape/grape/pull/1763
- https://github.com/ruby-grape/grape/commit/6876b71efc7b03f7ce1be3f075eaa4e7e6de19af
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grape/CVE-2018-3769.yml

The grape rubygem suffers from a cross-site scripting (XSS) vulnerability via the format parameter.

Affected versions:
      ["1.0.3", "1.0.2", "1.0.1", "0.19.2", "0.19.1", "0.16.2", "0.15.0", "0.13.0", "0.12.0", "0.10.0", "0.8.0", "0.6.1", "0.6.0", "0.4.1", "0.4.0", "0.2.4", "0.2.3", "0.2.2", "0.2.1", "0.1.4", "0.1.3", "0.1.0", "0.0.0.alpha.2", "0.0.0.alpha.1", "1.0.0", "0.19.0", "0.18.0", "0.17.0", "0.16.1", "0.14.0", "0.11.0", "0.10.1", "0.9.0", "0.7.0", "0.5.0", "0.3.2", "0.3.1", "0.3.0", "0.2.6", "0.2.5", "0.2.1.1", "0.2.0", "0.1.5", "0.1.1"]
    
    
    
Secure versions:
      [1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.8.0, 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.3.0, 2.4.0]
    
        
Recommendation: Update to version 2.4.0.

ruby-grape Gem has XSS via "format" parameter
Published date: 2018-05-23
  
CVE: CVE-2018-3769
CVSS V3: 6.1

When a request to the API contains the format parameter in a GET query, the input value of this parameter is rendered in the response, and the web server sends that response with a text/html header, so the browser interprets the reflected value as HTML.

Example: http://example.com/api/endpoint?format=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Affected versions:
      ["1.0.3", "1.0.2", "1.0.1", "0.19.2", "0.19.1", "0.16.2", "0.15.0", "0.13.0", "0.12.0", "0.10.0", "0.8.0", "0.6.1", "0.6.0", "0.4.1", "0.4.0", "0.2.4", "0.2.3", "0.2.2", "0.2.1", "0.1.4", "0.1.3", "0.1.0", "0.0.0.alpha.2", "0.0.0.alpha.1", "1.0.0", "0.19.0", "0.18.0", "0.17.0", "0.16.1", "0.14.0", "0.11.0", "0.10.1", "0.9.0", "0.7.0", "0.5.0", "0.3.2", "0.3.1", "0.3.0", "0.2.6", "0.2.5", "0.2.1.1", "0.2.0", "0.1.5", "0.1.1"]
    
    
    
Secure versions:
      [1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.8.0, 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.2.0, 2.3.0, 2.4.0]
    
        
Recommendation: Update to version 2.4.0.
        
  
  
74 Other Versions
| Version | License | Security | Released | Age |
|---|---|---|---|---|
| 2.4.0 | MIT | | 2025-06-18 - 20:16 | 5 months |
| 2.3.0 | MIT | | 2025-02-08 - 13:33 | 9 months |
| 2.2.0 | MIT | | 2024-09-14 - 10:02 | about 1 year |
| 2.1.3 | MIT | | 2024-07-13 - 13:50 | over 1 year |
| 2.1.2 | MIT | | 2024-06-28 - 07:33 | over 1 year |
| 2.1.1 | MIT | | 2024-06-22 - 16:00 | over 1 year |
| 2.1.0 | MIT | | 2024-06-15 - 14:54 | over 1 year |
| 2.0.0 | MIT | | 2023-11-11 - 14:48 | almost 2 years |
| 1.8.0 | MIT | | 2023-08-30 - 23:30 | about 2 years |
| 1.7.1 | MIT | | 2023-05-14 - 20:21 | over 2 years |
| 1.7.0 | MIT | | 2022-12-20 - 15:24 | almost 3 years |
| 1.6.2 | MIT | | 2021-12-30 - 18:02 | almost 4 years |
| 1.6.1 | MIT | | 2021-12-28 - 14:19 | almost 4 years |
| 1.6.0 | MIT | | 2021-10-04 - 11:29 | about 4 years |
| 1.5.3 | MIT | | 2021-03-07 - 21:52 | over 4 years |
| 1.5.2 | MIT | | 2021-02-06 - 10:57 | over 4 years |
| 1.5.1 | MIT | | 2020-11-15 - 13:28 | almost 5 years |
| 1.5.0 | MIT | | 2020-10-05 - 12:25 | about 5 years |
| 1.4.0 | MIT | | 2020-07-10 - 19:01 | over 5 years |
| 1.3.3 | MIT | | 2020-05-23 - 06:20 | over 5 years |
| 1.3.2 | MIT | | 2020-04-12 - 07:49 | over 5 years |
| 1.3.1 | MIT | | 2020-03-11 - 19:39 | over 5 years |
| 1.3.0 | MIT | | 2020-01-11 - 08:27 | almost 6 years |
| 1.2.5 | MIT | | 2019-12-01 - 16:19 | almost 6 years |
| 1.2.4 | MIT | | 2019-06-13 - 10:49 | over 6 years |
| 1.2.3 | MIT | | 2019-01-16 - 17:52 | almost 7 years |
| 1.2.2 | MIT | | 2018-12-07 - 15:57 | almost 7 years |
| 1.2.1 | MIT | | 2018-11-28 - 18:15 | almost 7 years |
| 1.2.0 | MIT | | 2018-11-26 - 15:19 | almost 7 years |
| 1.1.0 | MIT | | 2018-08-04 - 16:56 | over 7 years |
| 1.0.3 | MIT | 2 | 2018-04-23 - 23:36 | over 7 years |
| 1.0.2 | MIT | 2 | 2018-01-10 - 22:03 | almost 8 years |
| 1.0.1 | MIT | 2 | 2017-09-08 - 17:40 | about 8 years |
| 1.0.0 | MIT | 2 | 2017-07-03 - 20:02 | over 8 years |
| 0.19.2 | MIT | 2 | 2017-04-12 - 05:16 | over 8 years |
| 0.19.1 | MIT | 2 | 2017-01-09 - 16:25 | almost 9 years |
| 0.19.0 | MIT | 2 | 2016-12-19 - 00:37 | almost 9 years |
| 0.18.0 | MIT | 2 | 2016-10-06 - 21:23 | about 9 years |
| 0.17.0 | MIT | 2 | 2016-07-29 - 20:20 | over 9 years |
| 0.16.2 | MIT | 2 | 2016-04-11 - 20:35 | over 9 years |
| 0.16.1 | MIT | 2 | 2016-04-02 - 18:53 | over 9 years |
| 0.15.0 | MIT | 2 | 2016-03-08 - 19:31 | over 9 years |
| 0.14.0 | MIT | 2 | 2015-12-07 - 19:38 | almost 10 years |
| 0.13.0 | MIT | 2 | 2015-08-10 - 18:56 | about 10 years |
| 0.12.0 | MIT | 2 | 2015-06-18 - 12:58 | over 10 years |
| 0.11.0 | MIT | 2 | 2015-02-23 - 15:32 | over 10 years |
| 0.10.1 | MIT | 2 | 2014-12-28 - 15:31 | almost 11 years |
| 0.10.0 | MIT | 2 | 2014-12-19 - 19:31 | almost 11 years |
| 0.9.0 | MIT | 2 | 2014-08-27 - 12:10 | about 11 years |
| 0.8.0 | MIT | 2 | 2014-07-10 - 14:21 | over 11 years |
