The code is vulnerable to SSRF attack. The issue in this code snippet is that the Java's URI.resolve() will return its parameter if it is an absolute URL, which can be abused to perform SSRF. By using http:/example.com# as artifact the final URL will start with http:/example.com#, which the OkHttp library will accept when making the request.