jena-core is vulnerable to XML external entity attacks. The RDFXMLParser
function of RDFXMLParser.java
does not properly disable the access to external entities, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server.