Laravel Nova Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Laravel Nova version 3.7.0. This issue allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash and become unresponsive.

Reproduction

To reproduce this vulnerability, an authenticated user can send simultaneous requests to the '/nova-api/metrics/sum-orders' endpoint, using a very high value for the 'range' parameter. In testing, sending 10 simultaneous requests with a range value of 3,000,000 was sufficient to crash the server.
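A detection check for the request pattern described above, added here as an example and not taken from the advisory or from Laravel Nova: it scans web access logs for metric requests whose numeric 'range' is far above anything a dashboard would ask for, then flags clients that send several of them within a short window. The log format, the query-string placement of 'range', the 365 ceiling, the burst thresholds and the sample lines are all assumptions made for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Assumptions, not from the advisory: combined access-log format, 'range' sent
# in the query string, 365 as the largest range any metric legitimately offers.
MAX_RANGE = 365
BURST_COUNT, BURST_WINDOW = 5, timedelta(seconds=2)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*"')

# Constructed sample lines (documentation IP ranges), for illustration only.
_REQ = '%s - - [27/Jan/2026:16:%s +0000] "GET /nova-api/metrics/sum-orders?range=%s HTTP/1.1" %s 0'
SAMPLE_LOG = [
    _REQ % ("198.51.100.7", "40:01", "30", 200),
    _REQ % ("198.51.100.7", "40:05", "MTD", 200),
    _REQ % ("203.0.113.9", "41:10", "3000000", 200),
] + [_REQ % ("192.0.2.44", "42:00", "3000000", 504) for _ in range(10)]


def oversized_range_requests(lines):
    """Return (ip, timestamp, range) for metric requests whose numeric range exceeds MAX_RANGE."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, target = m.groups()
        url = urlsplit(target)
        if not url.path.startswith("/nova-api/metrics/"):
            continue
        raw = parse_qs(url.query).get("range", [""])[-1]
        digits = raw.lstrip("0")  # ignore zero padding when judging magnitude
        # Over 9 significant digits is oversized without converting a huge string.
        if re.fullmatch(r"[0-9]+", raw) and (len(digits) > 9 or int(digits or "0") > MAX_RANGE):
            hits.append((ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), raw))
    return hits


def burst_clients(hits):
    """Return clients that sent BURST_COUNT or more oversized requests within BURST_WINDOW."""
    by_ip = defaultdict(list)
    for ip, ts, _ in hits:
        by_ip[ip].append(ts)
    flagged = []
    for ip, stamps in sorted(by_ip.items()):
        stamps.sort()
        spans = zip(stamps, stamps[BURST_COUNT - 1:])
        if any(last - first <= BURST_WINDOW for first, last in spans):
            flagged.append(ip)
    return flagged
```

On the constructed sample, the single oversized request from 203.0.113.9 is recorded as a hit, and only 192.0.2.44, which sent ten in the same second, is reported as a burst client.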

Added: Jan 27, 2026, 4:48 PM
Updated: Jan 27, 2026, 4:48 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 2.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.