Redirects must be controlled,
especially when they depend on external input.
Systems must guarantee that all redirects lead to a controlled or trusted site.
In general, redirects based on input data should be avoided, as they could
enable phishing attacks.
If they are required, they should be controlled so that users are only
redirected to trusted sites.
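
One way to enforce this control, as an added example that is not part of the original page: a server-side check that accepts a user-supplied redirect target only if it is a rooted path on the same site or an HTTPS URL on an allow-listed host. The host names in `TRUSTED_HOSTS`, the `FALLBACK` path and the function name `safe_redirect_target` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this application trusts as redirect destinations (constructed).
TRUSTED_HOSTS = frozenset({"app.example.com", "login.example.com"})
FALLBACK = "/"  # assumption: safe default landing page


def safe_redirect_target(target: str) -> str:
    """Return target if it leads to a trusted site, otherwise FALLBACK."""
    if not target or target != target.strip():
        return FALLBACK
    # Browsers treat "\" like "/" and drop control characters, so values
    # containing them can be parsed differently by server and browser.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Same-site path: must be rooted and must not be scheme-relative.
        rooted = target.startswith("/") and not target.startswith("//")
        return target if rooted else FALLBACK
    if parts.scheme != "https":
        return FALLBACK  # rejects http:, javascript:, data:, "//host", ...
    if parts.username is not None or parts.password is not None:
        return FALLBACK  # userinfo can disguise the real host
    if port not in (None, 443):
        return FALLBACK
    # Exact host match; suffix or substring matching would be bypassable.
    host = (parts.hostname or "").lower()
    return target if host in TRUSTED_HOSTS else FALLBACK
```

The caller issues the redirect with the returned value only, never with the raw input.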
CWE-918: Server-Side Request Forgery (SSRF).
The web server receives a URL or similar request from an upstream component
and retrieves the contents of this URL,
but it does not sufficiently ensure that the request is being sent to the