XML External Entity Attack

An XML External Entity (XXE) attack targets an application that parses XML input, and allows an attacker to interfere with the application's processing of XML data. It occurs when untrusted XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to leakage of confidential data from the server, denial of service, server-side request forgery (SSRF), and port scanning.
The safest way to prevent this is always to disable Document Type Definitions (DTDs), and with them external entities, completely.
If it is not possible to disable DTDs completely, then external entities and external document type definitions must be disabled.
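The two levels of mitigation described above, shown as an added example that is not part of the original article. It uses the expat bindings in Python's standard library; the names parse_text, is_rejected and ForbiddenXML and the sample documents are constructed for illustration.

```python
from xml.parsers import expat

class ForbiddenXML(ValueError):
    """The document uses a construct the parsing policy forbids."""

def parse_text(xml_bytes, allow_dtd=False):
    """Return the document's character data, or raise ForbiddenXML.

    allow_dtd=False: any DOCTYPE is rejected (DTDs disabled completely).
    allow_dtd=True:  internal DTDs pass, but external DTDs and external
                     entity declarations or references are rejected.
    """
    parser = expat.ParserCreate()
    chunks = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if not allow_dtd:
            raise ForbiddenXML("DOCTYPE declaration is not allowed")
        if system_id is not None or public_id is not None:
            raise ForbiddenXML("external DTD is not allowed")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            raise ForbiddenXML(f"external entity {name!r} is not allowed")

    def on_external_ref(context, base, system_id, public_id):
        raise ForbiddenXML("external entity reference is not allowed")

    # An exception raised inside a handler aborts Parse() and propagates.
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.CharacterDataHandler = chunks.append
    parser.Parse(xml_bytes, True)
    return "".join(chunks)

def is_rejected(xml_bytes, allow_dtd=False):
    """True if the policy refuses the document."""
    try:
        parse_text(xml_bytes, allow_dtd)
    except ForbiddenXML:
        return True
    return False

# Constructed sample documents; the path and host are placeholders.
PLAIN = b"<r>ok</r>"
INTERNAL = b'<!DOCTYPE r [<!ENTITY a "hello">]><r>&a;</r>'
EXTERNAL_ENTITY = b'<!DOCTYPE r [<!ENTITY x SYSTEM "file:///constructed/example.txt">]><r>&x;</r>'
EXTERNAL_DTD = b'<!DOCTYPE r SYSTEM "http://example.invalid/r.dtd"><r/>'
```

With the default allow_dtd=False every sample except PLAIN is refused; with allow_dtd=True only INTERNAL is additionally accepted, and both external forms are still refused.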
Authored by : Faizan Qazi, TCS Cyber Security

