active_url validation check bypass in Laravel June 12, 2021 ◦ 1 min ◦ Vikrant Singh Chauhan Security #laravel #validation #bypass #active_url #Huntr #bug bounty Reported and fixed a vulnerability in Laravel where active_url validation rule could be bypassed in a situation where a target has a subdomain localhost. References: https://huntr.dev/bounties/2-laravel/framework/ https://github.com/laravel/framework/commit/c50087d457d3b2e2839f2e8b080f40832f4f7e46 https://github.com/laravel/framework/pull/37675