Presumably any markup language that allows recursive variables/definitions is vulrnable to this. Hell some markup languages are full-on Turing complete (Wiki pages for example) and therefore can be used to make honest to god infinite loops or maybe even directly run general purpose malicious code on a server.
Similarly, XML bombs exist: https://en.wikipedia.org/wiki/Billion_laughs_attack
Presumably any markup language that allows recursive variables/definitions is vulrnable to this. Hell some markup languages are full-on Turing complete (Wiki pages for example) and therefore can be used to make honest to god infinite loops or maybe even directly run general purpose malicious code on a server.