ClusterConcept

Unvalidated SSRF Fetch

cluster-1040

A recurring SSRF motif in which user-supplied URL content is fed directly into server-side HttpClient requests without allowlisting or scheme/host validation, letting attacker-controlled redirects target internal or unintended network resources.
