If your web-server makes HTTP requests to arbitrary domains that can be chosen by an attacker, you may be vulnerable to server-side request forgery (SSRF) attacks.