Reported and fixed a vulnerability in Laravel where active_url validation rule could be bypassed in a situation where a target has a subdomain localhost.

References:

• https://huntr.dev/bounties/2-laravel/framework/

• https://github.com/laravel/framework/commit/c50087d457d3b2e2839f2e8b080f40832f4f7e46

• https://github.com/laravel/framework/pull/37675