Ruby/grape/0.7.0


A Ruby framework for rapid API development with great conventions.

https://rubygems.org/gems/grape
MIT

2 Security Vulnerabilities

Moderate severity vulnerability that affects grape

Published date: 2018-08-13T20:45:32Z
CVE: CVE-2018-3769
Links:

The grape rubygem suffers from a cross-site scripting (XSS) vulnerability via format parameter.

Affected versions: ["1.0.3", "1.0.2", "1.0.1", "1.0.0", "0.19.2", "0.19.1", "0.19.0", "0.18.0", "0.17.0", "0.16.2", "0.16.1", "0.15.0", "0.14.0", "0.13.0", "0.12.0", "0.11.0", "0.10.1", "0.10.0", "0.9.0", "0.8.0", "0.7.0", "0.6.1", "0.6.0", "0.5.0", "0.4.1", "0.4.0", "0.3.2", "0.3.1", "0.3.0", "0.2.6", "0.2.5", "0.2.4", "0.2.3", "0.2.2", "0.2.1.1", "0.2.1", "0.2.0", "0.1.5", "0.1.4", "0.1.3", "0.1.1", "0.1.0", "0.0.0.alpha.2", "0.0.0.alpha.1"]
Secure versions: [1.5.0, 1.4.0, 1.3.3, 1.3.2, 1.3.1, 1.3.0, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0]
Recommendation: Update to version 1.6.0.

ruby-grape Gem has XSS via "format" parameter

Published date: 2018-05-23
CVE: 2018-3769
Links:

When request on API contains the format parameter in GET, the input value of this parameter is rendered as the web-server responds with text/html header.

Example: http://example.com/api/endpoint?format=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Affected versions: ["1.0.3", "1.0.2", "1.0.1", "1.0.0", "0.19.2", "0.19.1", "0.19.0", "0.18.0", "0.17.0", "0.16.2", "0.16.1", "0.15.0", "0.14.0", "0.13.0", "0.12.0", "0.11.0", "0.10.1", "0.10.0", "0.9.0", "0.8.0", "0.7.0", "0.6.1", "0.6.0", "0.5.0", "0.4.1", "0.4.0", "0.3.2", "0.3.1", "0.3.0", "0.2.6", "0.2.5", "0.2.4", "0.2.3", "0.2.2", "0.2.1.1", "0.2.1", "0.2.0", "0.1.5", "0.1.4", "0.1.3", "0.1.1", "0.1.0", "0.0.0.alpha.2", "0.0.0.alpha.1"]
Secure versions: [1.5.0, 1.4.0, 1.3.3, 1.3.2, 1.3.1, 1.3.0, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0]
Recommendation: Update to version 1.6.0.

61 Other Versions

Version License Security Released
1.6.0 MIT 2021-10-04 - 11:29 about 2 months
1.5.3 MIT 2021-03-07 - 21:52 9 months
1.5.2 MIT 2021-02-06 - 10:57 10 months
1.5.1 MIT 2020-11-15 - 13:28 about 1 year
1.5.0 MIT 2020-10-05 - 12:25 about 1 year
1.4.0 MIT 2020-07-10 - 19:01 over 1 year
1.3.3 MIT 2020-05-23 - 06:20 over 1 year
1.3.2 MIT 2020-04-12 - 07:49 over 1 year
1.3.1 MIT 2020-03-11 - 19:39 over 1 year
1.3.0 MIT 2020-01-11 - 08:27 almost 2 years
1.2.5 MIT 2019-12-01 - 16:19 almost 2 years
1.2.4 MIT 2019-06-13 - 10:49 over 2 years
1.2.3 MIT 2019-01-16 - 17:52 almost 3 years
1.2.2 MIT 2018-12-07 - 15:57 almost 3 years
1.2.1 MIT 2018-11-28 - 18:15 about 3 years
1.2.0 MIT 2018-11-26 - 15:19 about 3 years
1.1.0 MIT 2018-08-04 - 16:56 over 3 years
1.0.3 MIT 2 2018-04-23 - 23:36 over 3 years
1.0.2 MIT 2 2018-01-10 - 22:03 almost 4 years
1.0.1 MIT 2 2017-09-08 - 17:40 about 4 years
1.0.0 MIT 2 2017-07-03 - 20:02 over 4 years
0.19.2 MIT 2 2017-04-12 - 05:16 over 4 years
0.19.1 MIT 2 2017-01-09 - 16:25 almost 5 years
0.19.0 MIT 2 2016-12-19 - 00:37 almost 5 years
0.18.0 MIT 2 2016-10-06 - 21:23 about 5 years
0.17.0 MIT 2 2016-07-29 - 20:20 over 5 years
0.16.2 MIT 2 2016-04-11 - 20:35 over 5 years
0.16.1 MIT 2 2016-04-02 - 18:53 over 5 years
0.15.0 MIT 2 2016-03-08 - 19:31 over 5 years
0.14.0 MIT 2 2015-12-07 - 19:38 almost 6 years
0.13.0 MIT 2 2015-08-10 - 18:56 over 6 years
0.12.0 MIT 2 2015-06-18 - 12:58 over 6 years
0.11.0 MIT 2 2015-02-23 - 15:32 almost 7 years
0.10.1 MIT 2 2014-12-28 - 15:31 almost 7 years
0.10.0 MIT 2 2014-12-19 - 19:31 almost 7 years
0.9.0 MIT 2 2014-08-27 - 12:10 over 7 years
0.8.0 MIT 2 2014-07-10 - 14:21 over 7 years
0.7.0 MIT 2 2014-04-02 - 17:04 over 7 years
0.6.1 MIT 2 2013-10-19 - 20:02 about 8 years
0.6.0 MIT 2 2013-09-16 - 13:41 about 8 years
0.5.0 MIT 2 2013-06-14 - 17:50 over 8 years
0.4.1 MIT 2 2013-04-01 - 13:00 over 8 years
0.4.0 MIT 2 2013-03-17 - 17:35 over 8 years
0.3.2 MIT 2 2013-03-01 - 01:59 over 8 years
0.3.1 MIT 2 2013-02-25 - 20:44 almost 9 years
0.3.0 MIT 2 2013-02-21 - 15:11 almost 9 years
0.2.6 MIT 2 2013-01-11 - 14:28 almost 9 years
0.2.5 MIT 2 2013-01-11 - 01:26 almost 9 years
0.2.4 MIT 2 2013-01-06 - 21:53 almost 9 years
0.2.3 MIT 2 2012-12-24 - 20:27 almost 9 years
0.2.2 UNKNOWN 2 2012-10-12 - 15:06 about 9 years
0.2.1.1 MIT 2 2013-01-11 - 20:50 almost 9 years
0.2.1 UNKNOWN 2 2012-07-13 - 17:14 over 9 years
0.2.0 UNKNOWN 2 2012-03-28 - 23:45 over 9 years
0.1.5 UNKNOWN 2 2011-07-15 - 03:27 over 10 years
0.1.4 UNKNOWN 2 2011-04-08 - 05:33 over 10 years
0.1.3 UNKNOWN 2 2011-01-10 - 18:11 almost 11 years
0.1.1 UNKNOWN 2 2010-11-14 - 17:15 about 11 years
0.1.0 UNKNOWN 2 2010-11-13 - 20:20 about 11 years
0.0.0.alpha.2 UNKNOWN 2 2010-08-31 - 02:28 about 11 years
0.0.0.alpha.1 UNKNOWN 2 2010-08-27 - 06:06 over 11 years