← voltar
CVE-2020-36950

Laravel Nova 3.7.0 - 'range' DoS

CVSS 8.7 HIGHEPSS 0.3%CWE-770
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Laravel Holdings Inc. · Laravel Nova

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://nova.laravel.com/https://nova.laravel.com/releaseshttps://www.exploit-db.com/exploits/49198https://www.vulncheck.com/advisories/laravel-nova-range-dos