CVE-2020-36950

MEDIUM

Laravel Nova 3.7.0 - DoS

Title source: llm

Description

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.

Exploits (1)

exploitdb WRITEUP

by iqzer0 · textwebappsphp

https://www.exploit-db.com/exploits/49198

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49198

[Various Sources] https://nova.laravel.com/

[Various Sources] https://nova.laravel.com/releases

[Third Party Advisory] https://www.vulncheck.com/advisories/laravel-nova-range-dos

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 19.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (1)

Laravel Holdings Inc./Laravel Nova 3.7.0

Published Jan 27, 2026

Tracked Since Feb 18, 2026