checkstyle is vulnerable to XML external entity attacks. The external-parameter-entities
feature is not disabled by default, allowing a remote attacker to retrieve system files or perform requests on behalf of the server via a malicious XML document.