CVE-2020-36950

High CVSS: 8.7

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.

Vendor

Product

CWE

CWE-770

Yayın Tarihi

2026-01-27 16:16:12

Güncelleme

2026-01-29 16:31:35

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-770 HIGH 2026

Referanslar

https://nova.laravel.com/ https://nova.laravel.com/releases https://www.exploit-db.com/exploits/49198 https://www.vulncheck.com/advisories/laravel-nova-range-dos