On November 7th, Chris Smith (@chrismsnz) of Insomnia Security alerted the Laravel development team to a method of bypassing the CSRF verification in Laravel 4 applications.

To patch your applications, modify the default CSRF route filter in the app/filters.php file to the following:

Route::filter('csrf', function()
{
    // Strict comparison: the submitted token must match the session token in both type and value.
    if (Session::token() !== Input::get('_token'))
    {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

Note that the token comparison has been changed from a != comparison to a !== comparison. This will prevent specially crafted JSON requests from bypassing the filter.
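The difference between the two operators can be checked with the following added example, which is not Laravel's code or part of the original post. The token value, the JSON bodies and the helper names `looseFilterPasses` and `strictFilterPasses` are constructed for illustration, and the `$input` lookup only stands in for `Input::get('_token')`.

```php
<?php
// Added illustration, not Laravel's code. All values below are constructed.

$sessionToken = 'q8Zr1fT0kEnExAmPlE'; // stands in for Session::token()

// Pre-patch check: loose comparison, PHP converts operands of different types.
function looseFilterPasses($sessionToken, $input)
{
    return !($sessionToken != $input);
}

// Patched check: strict comparison, type and value must both match.
function strictFilterPasses($sessionToken, $input)
{
    return !($sessionToken !== $input);
}

// Constructed request bodies. Form-encoded input always arrives as strings,
// but a JSON body can carry booleans, numbers or null in the _token field.
$bodies = array(
    'correct string' => json_encode(array('_token' => $sessionToken)),
    'wrong string'   => '{"_token": "not-the-token"}',
    'boolean true'   => '{"_token": true}',
    // Loose result for this row depends on the PHP version:
    // string-to-number comparison rules changed in PHP 8.
    'integer 0'      => '{"_token": 0}',
    'missing field'  => '{}',
);

foreach ($bodies as $label => $json) {
    $data  = json_decode($json, true);
    // Hypothetical stand-in for Input::get('_token'): null when the field is absent.
    $input = isset($data['_token']) ? $data['_token'] : null;

    printf(
        "%-15s type=%-8s loose=%-6s strict=%s\n",
        $label,
        gettype($input),
        looseFilterPasses($sessionToken, $input) ? 'PASS' : 'reject',
        strictFilterPasses($sessionToken, $input) ? 'PASS' : 'reject'
    );
}
```

With the strict check only the row carrying the exact token string passes; a row that passes the loose check without being that string is the behaviour the patch removes.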

If you are using the CSRF protection feature of Laravel, it is recommended that you apply this patch immediately.

Source: Laravel Blog

By Taylor