[MEDIUM] Laravel does not properly constrain the host portion of a password-reset URL

PKSA-c426-3h53-ggcs CVE-2017-9303 GHSA-rc8x-jrrc-frfv

Affected package: laravel/laravel

Affected version: >=5.4.0,<5.4.22

Reported by:
GitHub