What is the CVSS score of CVE-2020-36950?

CVE-2020-36950 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Laravel are affected by CVE-2020-36950?

Organizations using Laravel Nova 3.7.0 should be aware of notable risk from CVE-2020-36950 rated CVSS 6.5. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2020-36950?

Yes, a public proof-of-concept exploit is available for CVE-2020-36950. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2020-36950?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Laravel CVE-2020-36950

MEDIUM

Allocation of Resources Without Limits or Throttling (CWE-770)

2026-01-27 disclosure@vulncheck.com

Laravel Denial Of Service

6.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.5 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Jan 29, 2026 - 16:31 vuln.today

Public exploit code

CVE Published

Jan 27, 2026 - 16:16 nvd

MEDIUM 6.5

DescriptionCVE.org

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.

AnalysisAI

Technical ContextAI

This vulnerability (CWE-770: Allocation of Resources Without Limits or Throttling) Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.

Affected ProductsAI

Laravel Nova 3.7.0 contains a denial of service vulnerability that

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2020-36950 vulnerability details – vuln.today

Back

Laravel CVE-2020-36950

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code