undici is vulnerable to server-side request forgery. The library assumes that the hostname won’t change, when in actuality it can change because the specified path
parameter is combined with the base URL, allowing remote attackers to cause SSRF attacks via sending a crafted request through the path
parameter of undici.request
.