rspec/rules/S6374/description.adoc
2022-01-26 10:06:59 +01:00

By default, XML processors attempt to load all XML schemas and DTDs (their locations are defined with `xsi:schemaLocation` attributes and `DOCTYPE` declarations), potentially from external storage such as the file system or the network. If no restrictions are put in place, this may lead to https://www.owasp.org/index.php/Server_Side_Request_Forgery[server-side request forgery (SSRF)] vulnerabilities.
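
The following Python example is added here and is not part of the rule's own text. It uses the standard-library expat parser, which in its default configuration does not fetch an external DTD subset, to list the locations that a document's `DOCTYPE` and `xsi:schemaLocation` would make a schema-loading processor fetch, and checks them against an exact-match allow-list. The sample document, host names and function names are constructed for the example, and `xsi:noNamespaceSchemaLocation` is covered as well, which goes beyond the attribute named above.

```python
import xml.parsers.expat

XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed sample document; the host names are placeholders.
SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE order SYSTEM "http://dtd.example/order.dtd">
<order xmlns="urn:example:order"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="urn:example:order https://schemas.example/order.xsd">
  <item>1</item>
</order>"""


def external_locations(xml_bytes):
    """List (source, location) pairs the document asks a processor to load."""
    found = []
    # Namespace-aware parsing reports attributes as "<namespace URI> <local name>".
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id:
            found.append(("DOCTYPE", system_id))

    def on_start(name, attrs):
        for key, value in attrs.items():
            if key == XSI_NS + " schemaLocation":
                # Value is whitespace-separated "namespace location" pairs.
                found.extend(("xsi:schemaLocation", loc) for loc in value.split()[1::2])
            elif key == XSI_NS + " noNamespaceSchemaLocation":
                found.append(("xsi:noNamespaceSchemaLocation", value.strip()))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.Parse(xml_bytes, True)
    return found


def unexpected_locations(xml_bytes, allowed):
    """Return the locations that are not on the exact-match allow-list."""
    return [(src, loc) for src, loc in external_locations(xml_bytes) if loc not in allowed]


if __name__ == "__main__":
    for src, loc in unexpected_locations(SAMPLE, {"https://schemas.example/order.xsd"}):
        print(f"reject: {src} -> {loc}")
```
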