hazelcast is vulnerable to XML external entity attacks. The AbstractXmlConfigRootTagRecognizer
function of AbstractXmlConfigRootTagRecognizer.java
does not disable access to external entities by default, allowing an attacker to submit a malicious XML document to perform requests on behalf of the server.