The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.