← volver
CVE-2020-36950

Laravel Nova 3.7.0 - 'range' DoS

CVSS 8.7 HIGHEPSS 0.3%CWE-770
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Productos afectados
Laravel Holdings Inc. · Laravel Nova

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://nova.laravel.com/https://nova.laravel.com/releaseshttps://www.exploit-db.com/exploits/49198https://www.vulncheck.com/advisories/laravel-nova-range-dos