ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter.
ruby-grape grape