In JetBrains IntelliJ IDEA prior to 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
jetbrains intellij idea