CVE-2020-36950
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Laravel Holdings Inc. | Laravel Nova | 3.7.0 | affected |
Weaknesses
- CWE-770: Allocation of Resources Without Limits or Throttling
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/49198
- https://nova.laravel.com/
- https://nova.laravel.com/releases
- https://www.vulncheck.com/advisories/laravel-nova-range-dos
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.