Ruby/grape/0.7.0


A Ruby framework for rapid API development with great conventions.

https://rubygems.org/gems/grape
MIT

2 Security Vulnerabilities

Moderate severity vulnerability that affects grape

Published date: 2018-08-13T20:45:32Z
CVE: CVE-2018-3769
Links:

The grape rubygem suffers from a cross-site scripting (XSS) vulnerability via format parameter.

Affected versions: ["1.0.3", "1.0.2", "1.0.1", "1.0.0", "0.19.2", "0.19.1", "0.19.0", "0.18.0", "0.17.0", "0.16.2", "0.16.1", "0.15.0", "0.14.0", "0.13.0", "0.12.0", "0.11.0", "0.10.1", "0.10.0", "0.9.0", "0.8.0", "0.7.0", "0.6.1", "0.6.0", "0.5.0", "0.4.1", "0.4.0", "0.3.2", "0.3.1", "0.3.0", "0.2.6", "0.2.5", "0.2.4", "0.2.3", "0.2.2", "0.2.1.1", "0.2.1", "0.2.0", "0.1.5", "0.1.4", "0.1.3", "0.1.1", "0.1.0", "0.0.0.alpha.2", "0.0.0.alpha.1"]
Secure versions: [1.5.0, 1.4.0, 1.3.3, 1.3.2, 1.3.1, 1.3.0, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.6.2]
Recommendation: Update to version 1.6.2.

ruby-grape Gem has XSS via "format" parameter

Published date: 2018-05-23
CVE: 2018-3769
Links:

When request on API contains the format parameter in GET, the input value of this parameter is rendered as the web-server responds with text/html header.

Example: http://example.com/api/endpoint?format=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Affected versions: ["1.0.3", "1.0.2", "1.0.1", "1.0.0", "0.19.2", "0.19.1", "0.19.0", "0.18.0", "0.17.0", "0.16.2", "0.16.1", "0.15.0", "0.14.0", "0.13.0", "0.12.0", "0.11.0", "0.10.1", "0.10.0", "0.9.0", "0.8.0", "0.7.0", "0.6.1", "0.6.0", "0.5.0", "0.4.1", "0.4.0", "0.3.2", "0.3.1", "0.3.0", "0.2.6", "0.2.5", "0.2.4", "0.2.3", "0.2.2", "0.2.1.1", "0.2.1", "0.2.0", "0.1.5", "0.1.4", "0.1.3", "0.1.1", "0.1.0", "0.0.0.alpha.2", "0.0.0.alpha.1"]
Secure versions: [1.5.0, 1.4.0, 1.3.3, 1.3.2, 1.3.1, 1.3.0, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.6.2]
Recommendation: Update to version 1.6.2.

63 Other Versions

Version License Security Released
1.6.2 MIT 2021-12-30 - 18:02 8 months
1.6.1 MIT 2021-12-28 - 14:19 8 months
1.6.0 MIT 2021-10-04 - 11:29 11 months
1.5.3 MIT 2021-03-07 - 21:52 over 1 year
1.5.2 MIT 2021-02-06 - 10:57 over 1 year
1.5.1 MIT 2020-11-15 - 13:28 almost 2 years
1.5.0 MIT 2020-10-05 - 12:25 almost 2 years
1.4.0 MIT 2020-07-10 - 19:01 about 2 years
1.3.3 MIT 2020-05-23 - 06:20 about 2 years
1.3.2 MIT 2020-04-12 - 07:49 over 2 years
1.3.1 MIT 2020-03-11 - 19:39 over 2 years
1.3.0 MIT 2020-01-11 - 08:27 over 2 years
1.2.5 MIT 2019-12-01 - 16:19 over 2 years
1.2.4 MIT 2019-06-13 - 10:49 about 3 years
1.2.3 MIT 2019-01-16 - 17:52 over 3 years
1.2.2 MIT 2018-12-07 - 15:57 over 3 years
1.2.1 MIT 2018-11-28 - 18:15 over 3 years
1.2.0 MIT 2018-11-26 - 15:19 over 3 years
1.1.0 MIT 2018-08-04 - 16:56 about 4 years
1.0.3 MIT 2 2018-04-23 - 23:36 over 4 years
1.0.2 MIT 2 2018-01-10 - 22:03 over 4 years
1.0.1 MIT 2 2017-09-08 - 17:40 almost 5 years
1.0.0 MIT 2 2017-07-03 - 20:02 about 5 years
0.19.2 MIT 2 2017-04-12 - 05:16 over 5 years
0.19.1 MIT 2 2017-01-09 - 16:25 over 5 years
0.19.0 MIT 2 2016-12-19 - 00:37 over 5 years
0.18.0 MIT 2 2016-10-06 - 21:23 almost 6 years
0.17.0 MIT 2 2016-07-29 - 20:20 about 6 years
0.16.2 MIT 2 2016-04-11 - 20:35 over 6 years
0.16.1 MIT 2 2016-04-02 - 18:53 over 6 years
0.15.0 MIT 2 2016-03-08 - 19:31 over 6 years
0.14.0 MIT 2 2015-12-07 - 19:38 over 6 years
0.13.0 MIT 2 2015-08-10 - 18:56 about 7 years
0.12.0 MIT 2 2015-06-18 - 12:58 about 7 years
0.11.0 MIT 2 2015-02-23 - 15:32 over 7 years
0.10.1 MIT 2 2014-12-28 - 15:31 over 7 years
0.10.0 MIT 2 2014-12-19 - 19:31 over 7 years
0.9.0 MIT 2 2014-08-27 - 12:10 almost 8 years
0.8.0 MIT 2 2014-07-10 - 14:21 about 8 years
0.7.0 MIT 2 2014-04-02 - 17:04 over 8 years
0.6.1 MIT 2 2013-10-19 - 20:02 almost 9 years
0.6.0 MIT 2 2013-09-16 - 13:41 almost 9 years
0.5.0 MIT 2 2013-06-14 - 17:50 about 9 years
0.4.1 MIT 2 2013-04-01 - 13:00 over 9 years
0.4.0 MIT 2 2013-03-17 - 17:35 over 9 years
0.3.2 MIT 2 2013-03-01 - 01:59 over 9 years
0.3.1 MIT 2 2013-02-25 - 20:44 over 9 years
0.3.0 MIT 2 2013-02-21 - 15:11 over 9 years
0.2.6 MIT 2 2013-01-11 - 14:28 over 9 years
0.2.5 MIT 2 2013-01-11 - 01:26 over 9 years
0.2.4 MIT 2 2013-01-06 - 21:53 over 9 years
0.2.3 MIT 2 2012-12-24 - 20:27 over 9 years
0.2.2 UNKNOWN 2 2012-10-12 - 15:06 almost 10 years
0.2.1.1 MIT 2 2013-01-11 - 20:50 over 9 years
0.2.1 UNKNOWN 2 2012-07-13 - 17:14 about 10 years
0.2.0 UNKNOWN 2 2012-03-28 - 23:45 over 10 years
0.1.5 UNKNOWN 2 2011-07-15 - 03:27 about 11 years
0.1.4 UNKNOWN 2 2011-04-08 - 05:33 over 11 years
0.1.3 UNKNOWN 2 2011-01-10 - 18:11 over 11 years
0.1.1 UNKNOWN 2 2010-11-14 - 17:15 almost 12 years
0.1.0 UNKNOWN 2 2010-11-13 - 20:20 almost 12 years
0.0.0.alpha.2 UNKNOWN 2 2010-08-31 - 02:28 almost 12 years
0.0.0.alpha.1 UNKNOWN 2 2010-08-27 - 06:06 almost 12 years