documentbuilderfactory-xxe
. Alternatively, the following configurations also provide protection against XXE attacks.
FACTORY.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)
FACTORY.setFeature(“http://xml.org/sax/features/external-general-entities”, false)`. For more information, see: Java XXE prevention