The product processes an XML document that can contain XML
entities with URLs that resolve to documents outside of the intended sphere of
control, causing the product to embed incorrect documents into its
The product uses untrusted input when calculating or using an
array index, but the product does not validate or incorrectly validates the
index to ensure the index references a valid position within the array.