[MEDIUM] magento-lts Reset Password not protected against well-timed CSRF

PKSA-dgzr-rbc9-1c35 CVE-2021-21395 GHSA-r3c9-9j5q-pwv4

Affected package: openmage/magento-lts

Affected version: >=20.0.0,<20.0.19|<19.4.22

Reported by:
GitHub