Search criteria
2 vulnerabilities found for Laravel Nova by Laravel Holdings Inc.
CVE-2020-36950 (GCVE-0-2020-36950)
Vulnerability from nvd – Published: 2026-01-27 15:23 – Updated: 2026-01-27 21:35
VLAI?
Title
Laravel Nova 3.7.0 - 'range' DoS
Summary
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Laravel Holdings Inc. | Laravel Nova |
Affected:
3.7.0
|
Credits
iqzer0
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T21:07:25.905338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T21:35:57.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Laravel Nova",
"vendor": "Laravel Holdings Inc.",
"versions": [
{
"status": "affected",
"version": "3.7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "iqzer0"
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the \u0027range\u0027 parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:23:50.926Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49198",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49198"
},
{
"name": "Laravel Nova Official Homepage",
"tags": [
"product"
],
"url": "https://nova.laravel.com/"
},
{
"name": "Laravel Nova Releases Page",
"tags": [
"patch"
],
"url": "https://nova.laravel.com/releases"
},
{
"name": "VulnCheck Advisory: Laravel Nova 3.7.0 - \u0027range\u0027 DoS",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/laravel-nova-range-dos"
}
],
"title": "Laravel Nova 3.7.0 - \u0027range\u0027 DoS",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36950",
"datePublished": "2026-01-27T15:23:50.926Z",
"dateReserved": "2026-01-25T13:50:01.143Z",
"dateUpdated": "2026-01-27T21:35:57.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36950 (GCVE-0-2020-36950)
Vulnerability from cvelistv5 – Published: 2026-01-27 15:23 – Updated: 2026-01-27 21:35
VLAI?
Title
Laravel Nova 3.7.0 - 'range' DoS
Summary
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Laravel Holdings Inc. | Laravel Nova |
Affected:
3.7.0
|
Credits
iqzer0
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T21:07:25.905338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T21:35:57.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Laravel Nova",
"vendor": "Laravel Holdings Inc.",
"versions": [
{
"status": "affected",
"version": "3.7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "iqzer0"
}
],
"descriptions": [
{
"lang": "en",
"value": "Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the \u0027range\u0027 parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:23:50.926Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49198",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49198"
},
{
"name": "Laravel Nova Official Homepage",
"tags": [
"product"
],
"url": "https://nova.laravel.com/"
},
{
"name": "Laravel Nova Releases Page",
"tags": [
"patch"
],
"url": "https://nova.laravel.com/releases"
},
{
"name": "VulnCheck Advisory: Laravel Nova 3.7.0 - \u0027range\u0027 DoS",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/laravel-nova-range-dos"
}
],
"title": "Laravel Nova 3.7.0 - \u0027range\u0027 DoS",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36950",
"datePublished": "2026-01-27T15:23:50.926Z",
"dateReserved": "2026-01-25T13:50:01.143Z",
"dateUpdated": "2026-01-27T21:35:57.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}