Also known as XML entity expansion, Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
denial-of-service attack at XML parsers, exploiting entity expansion
Discovered by embedding cosine similarity (sentence-transformers MiniLM, 384-dim).