EPSS Percentile: 25.8%
@shopify/hydrogen is vulnerable to cross-site scripting. An attacker can inject and execute malicious JavaScript through the renderHydrogen function of entry-server.js when the application is built with Hydrogen.
github.com/Shopify/hydrogen/commit/c188865255c5f20d9db285e375c57127030e23e6
github.com/Shopify/hydrogen/pull/1272
github.com/Shopify/hydrogen/releases/tag/%40shopify/hydrogen%400.19.0
github.com/Shopify/hydrogen/security/advisories/GHSA-6j22-wv8g-894f