Found this from a security vulnerability scan. The following usage in gremlin-core package allows reading XML input stream and could potentially lead to XXE attack.
In general, when XML input containing a reference to an external entity is processed by a weakly configured XML parser, it can lead to an XML external entity (XXE) attack.
More details on the vulnerability: https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
Setting these properties on the XML factory should fix this: