Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host
The clerkFrontendApiProxy function in @clerk/backend is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can craft a request path that causes the proxy to send the application's Clerk-Secret-Key to an attacker-controlled server.