Vulnerability	Vulnerable Version
H XML External Entity (XXE) Injection Affected versions of this package are vulnerable to XML External Entity (XXE) Injection in the `startAssetImport` process. An attacker can access sensitive files on the server or initiate server-side requests by uploading specially crafted XML files containing external entity references. This is only exploitable if the attacker is an authenticated user with access to the Velbus asset import functionality and the targeted file is less than 1023 characters in length. How to fix XML External Entity (XXE) Injection? Upgrade `io.openremote:openremote-agent` to version 1.22.0 or higher.	[,1.22.0)

XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection in the startAssetImport process. An attacker can access sensitive files on the server or initiate server-side requests by uploading specially crafted XML files containing external entity references. This is only exploitable if the attacker is an authenticated user with access to the Velbus asset import functionality and the targeted file is less than 1023 characters in length.

How to fix XML External Entity (XXE) Injection?

Upgrade io.openremote:openremote-agent to version 1.22.0 or higher.

[,1.22.0)

Go back to all versions of this package