laravel/framework is vulnerable to phishing attacks. The library uses the host of the incoming request to build the password reset URL. This can allow a malicious user to spoof the host of the password reset URL link, leading to other users accidentally entering their login credentials on a malicious site.