Presumably any markup language that allows recursive variables/definitions is vulrnable to this. Hell some markup languages are full-on Turing complete (Wiki pages for example) and therefore can be used to make honest to god infinite loops or maybe even directly run general purpose malicious code on a server.
https://en.wikipedia.org/wiki/Zip_bomb
at least you didn’t accidentally 93MB of .rar files
Similarly, XML bombs exist: https://en.wikipedia.org/wiki/Billion_laughs_attack
Presumably any markup language that allows recursive variables/definitions is vulrnable to this. Hell some markup languages are full-on Turing complete (Wiki pages for example) and therefore can be used to make honest to god infinite loops or maybe even directly run general purpose malicious code on a server.