CVE-2022-29230
Hydrogen (Shopify) has a reported Cross-Site Scripting (XSS) vulnerability affecting version range 0.10.0 to 0.18.0, exploitable when hydrating data is user-controlled. The issue may allow an arbitrary script to run in pages built with Hydrogen. A fix is available: upgrade to v0.19.0; CSP is not ...