grape 1.0.3

1 security vulnerability found in version 1.0.3

ruby-grape Gem has XSS via "format" parameter

medium severity CVE-2018-3769
Patched versions: >= 1.1.0

When a GET request to the API contains the "format" parameter, the value of that parameter is rendered unescaped into the response while the web server responds with a text/html Content-Type header, so attacker-supplied markup is executed in the client's browser.

Example: http://example.com/api/endpoint?format=%3Cscript%3Ealert(document.cookie)%3C/script%3E

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leak issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.