All method-override versions

[email protected] rejected Risk: 53 MIT

method-override @2.0.2

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Repository Homepage Tarball
53
Risk Score
MIT
License
No
Install Scripts
3
Dependencies
3
Dev Dependencies
4.1 KB
Package Size
Published

Override HTTP verbs

Maintainers

jongleberrydougwilsonshtylmantjholowaychukmscdexfishrock123

Dependencies (3)

PackageConstraintRegistry Status
vary 0.1.0 auto_approved
methods 1.0.1 auto_approved
parseurl 1.0.1 auto_approved

Dev Dependencies (3)

PackageConstraintRegistry Status
mocha ~1.20.0 auto_approved
istanbul 0.2.10 No greenflagged match
supertest ~0.13.0 auto_approved

Transitive Dependency Tree

3 transitive deps max depth 1
  ├─ methods 1.0.1 → 1.0.1
  ├─ parseurl 1.0.1 → 1.0.1
  ├─ vary 0.1.0 → 0.1.0

Changes from v1.0.2

Dependency Changes

ChangePackageVersion
added vary 0.1.0
added parseurl 1.0.1
changed methods 1.0.0 → 1.0.1

File Changes

0 added 0 removed 4 modified size delta: +5.0 KB

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule Source Disposition Author Reason
osv:GHSA-qx2f-477c-35rq osv reject AI AI (osv): HIGH severity ReDoS (CVE-2017-16136) affects all versions < 2.3.10; fix available. Verdict generalizes across affected range.

SAST Findings (2)

CRITICAL GHSA-qx2f-477c-35rq: method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header osv

[Always reject] CVSS 7.5 (HIGH) — CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected versions of `method-override` are vulnerable to a regular expression denial of service vulnerability when untrusted user input is passed into the `X-HTTP-Method-Override` header. ## Recommendation Update to version 2.3.10 or later

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 53. Findings: 1 critical (+40), 1 medium (+10), 1 low (+3).

Published to npm: