Laravel Nova 3.7.0 - 'range' DoS | Advisories

Advisories

Laravel Nova 3.7.0 - 'range' DoS

severity: high
date: January 27, 2026
Affecting: Laravel Nova 3.7.0
CVE: CVE-2020-36950
CWE: CWE-770 Allocation of Resources Without Limits or Throttling
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-49198
Laravel Nova Official Homepage
Laravel Nova Releases Page
Credit: iqzer0
Description: Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.