
In this video (0:37) the guy starts a simple HTTP server using Python and then uses a link to fetch a file from the server he just started. But how does this pose a potential security vulnerability?

A file gets uploaded to a place and that file is fetched from some address on the internet (in this case the Python HTTP server). How come this creates an SSRF security vulnerability and how can this vulnerability be exploited?

1 Answer


In a server-side request forgery (SSRF) attack, the attacker forces a vulnerable server to issue malicious requests on their behalf.

Your linked video shows a typical scenario: Many community websites give you the ability to provide a link to a resource, e.g. the URL to a profile picture you want to upload (StackExchange does that, too). The web server will then try to fetch that resource to download it to their own CDN or process it in some way.

The most common attack idea here is that you can make the server fetch a resource that only the server has access to but you don't, e.g. intranet servers behind a firewall.

So you could specify a link to http://intranet/ instead of a genuine profile picture URL and hope that the server fetches a page from its own intranet, thereby revealing the content to you. Similarly, you could guess internal IP addresses and port numbers that might be blocked to you but not the requesting server. In case you don't get useful content back you could still measure response times or conclude from error messages whether the target IPs exist in their internal network.

Arminius
  • It's worth noting that SSRFs are a pretty common vulnerability (and not widely understood / scanned for) and can sometimes be used to attack web services inside a (usually corporate) firewall. For example, if there's a service that allows an expensive or possibly-destructive operation to be triggered via GET request, and that service is only authenticated by a non-interactive system such as IPsec or Active Directory (or the even simpler "must be on the corporate network"), an external attacker could bounce requests off the SSRF-vulnerable server to attack the service. – CBHacking May 06 '17 at 21:31
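As an added illustration of the check a site that fetches user-supplied URLs needs before issuing the request (this is not code from the video, the answer or any project): it resolves the host name and refuses anything that lands on a non-public address, which covers the http://intranet/ and guessed-internal-IP cases the answer describes. The function names and the FAKE_DNS table are hypothetical and constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example with hypothetical names, not code from the video or the answer.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

def default_resolver(host):
    """Resolve host to every address it has, not just the first record."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def check_fetch_target(url, resolver=default_resolver):
    """Return (ok, reason) for a user-supplied URL the server is asked to fetch.
    Rejects anything but http(s) on a standard port, and any host resolving to
    a loopback, private, link-local or other non-public address. The caller
    must then connect to the resolved IP (not re-resolve) and re-run this check
    on every redirect, or DNS rebinding / a 302 to http://127.0.0.1/ bypass it."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % parts.scheme
    host = parts.hostname
    if not host or parts.username or parts.password:
        return False, "missing host or credentials in URL"
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
        addresses = resolver(host)
    except (ValueError, OSError) as exc:  # malformed port or lookup failure
        return False, "bad port or resolution failed: %s" % exc
    if port not in ALLOWED_PORTS:
        return False, "port %d not allowed" % port
    if not addresses:
        return False, "host did not resolve"
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not ip.is_global:  # loopback, RFC 1918, 169.254/16, CGNAT, ...
            return False, "%s resolves to non-public address %s" % (host, ip)
    return True, "ok"

# Constructed offline resolver so the example runs without network access.
FAKE_DNS = {"intranet": ["10.0.0.5"], "cdn.example.com": ["93.184.216.34"],
            "rebind.example.com": ["93.184.216.34", "127.0.0.1"]}

def fake_resolver(host):
    try:
        ipaddress.ip_address(host)
        return [host]  # literal IP address, no lookup needed
    except ValueError:
        return FAKE_DNS.get(host, [])
```

A name with one public and one internal record is rejected as a whole, since the fetcher cannot know which record the later connect will use.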