This gives an attacker an opportunity to trigger HTTP requests from your web-server to URLs of their choosing.