grape 1.0.3
1 security vulnerability
found in version
1.0.3
ruby-grape Gem has XSS via "format" parameter
medium severity CVE-2018-3769
medium severity
CVE-2018-3769
Patched versions:
>= 1.1.0
When request on API contains the "format" parameter in GET, the input value of this parameter is rendered as the web-server responds with text/html header.
Example: http://example.com/api/endpoint?format=%3Cscript%3Ealert(document.cookie)%3C/script%3E
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.