ruby-grape ruby gem suffers from a cross-site scripting vulnerability via "format" parameter.