[CVE-2022-35949]: undici.request vulnerable to SSRF using absolute / protocol-relative URL on pathname